Data protection declaration
We take the protection of your personal data seriously and want you to feel safe when you visit our website. We comply with data protection regulations and in particular the EU General Data Protection Regulation (“GDPR”).
In this data protection declaration we explain to you what information (including personal data) is processed by us during your visit and your use of our stated internet site (“website”).
Please note that data transmission over the internet (e.g. during communication by email) may be subject to security risks. It is not possible to provide full protection of data against access by third parties.
1. Who is responsible for data processing?
The controller as defined in the GDPR with respect to the processing of personal data is
Wilh. Werhahn KG Neuss
41460 Neuss, Germany
Telephone: +49 (0) 2131 - 916-0
Where reference is made to “we” and “us” in this data protection declaration, it is this company that is being referred to.
You can contact our data protection officer here:
Data Protection Officer for Wilh. Werhahn KG Neuss
41460 Neuss, Germany
Telephone: +49 (0) 2131 - 916-0
2. What data do we process?
You can access our website without providing basic personal data (such as your name, your postal address or your email address). Even in this case, we to need collect and save certain information in order to enable your access to our website.
Log files: When you visit our website, our web server automatically saves the domain name and the IP address of the requesting computer (usually that of your internet access provider), including the date, time and duration of your visit, the sub-pages/URLs you visit and information about the applications and terminals used by you to view our webpages.
Making contact: If you make contact with us in one of the ways available on our website, we process the personal data contained in your message and provided by you in order to deal with and respond to your enquiry. Please note that our website also provides ways to contact third parties (for example service providers of marketing and administrative activities working on our behalf). If you contact such a third party using one of the means available, any personal data you provide will be processed by this third party.
Cookies: In order to make our website as user-friendly as possible, we make use of so-called cookies, as do many leading businesses. Cookies are small text files that are saved by the internet browser you use. These files help us detect certain preferences of our visitors’ browsing habits and to design our website accordingly. Most of the cookies used by us are so-called session cookies. They are automatically deleted at the end of your visit. However, we also make use of persistent cookies. These are used to facilitate user navigation. Our cookies do not collect personal data and cannot be used to identify you on the websites of third parties. You can set your browser in such a way that it informs you when cookies are installed. You will thus be aware of how cookies are being used. You also have the option of setting your browser to reject cookies. However, this may result in you being unable to make use of all the features of our website.
Facebook Pixel: Our website makes use of the Facebook visitor action pixel of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) for the measurement of cross-device conversion.
This makes it possible to track the behaviour of website visitors once they have been transferred to the website of a provider after clicking on a Facebook advertisement. It is thus possible to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and to optimise future advertising.
The data collected is anonymous for us as the operator of this website and we are unable to use it to infer the identity of users. However, the data is stored and processed by Facebook, so that it is possible to make a link to the relevant user profile, allowing Facebook to use the data for its own advertising purposes as specified in the Facebook Data Use Policy. As a result, Facebook can decide to place advertisements on specific Facebook pages and also where to place advertisements outside Facebook. As the operator of this website, we have no influence on the use of the data.
We have a legitimate interest in the use of Facebook pixels per Art. 6, 1. (f) GDPR. The website operator has a legitimate interest in effective advertising, which includes use of social media.
You can find more information on the protection of your private sphere in the Facebook data privacy statement: https://www.facebook.com/about/privacy/.
You can also deactivate the “Custom Audiences” remarketing feature using the advertising settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged into Facebook.
If you do not have a Facebook account, you can deactivate user-based advertising by Facebook through the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.
Plugins and tools:
Links to other websites: Our website contains links to external online services (including our presence on Facebook, YouTube, LinkedIn and Instagram). These are so-called “social plugins”; they take the form of buttons through which the providers of the external services can obtain information about the users of our website as soon as they access it. Please note, however, that when you connect to external online services, information (possibly including personal data) about your visit may be collected by the providers of those services. You will find more detailed information in the data privacy policies of the various providers.
3. For what purposes and on what legal basis do we process your data?
Processing of any personal data stored in log files is necessary to enable you to use our website; this is lawful on the basis of Art. 15 para. 1 of the German Telemedia Act (TMG) and Article 6, 1. (f) GDPR in view of our legitimate interest in the efficient operation of our website.
Processing of the data collected by cookies (by the web analysis services, plugins and tools) and the pseudonymised user profiles is necessary for purposes of marketing, market research and the optimised use of our website and is lawful on the basis of Art. 15 para. 3 of the German Telemedia Act (TMG) and Article 6, 1. (f) GDPR in view of our legitimate interest in the analysis of the use of our website and the optimisation of its design.
Data processing by Google reCAPTCHA is lawful on the basis of Art. 6, 1. (f) GDPR in view of our legitimate interest in protecting our website against improper automated spying and spam.
Our processing of data in order to respond to enquiries is lawful on the basis of Art. 6, 1. (f) GDPR in view of our legitimate interest in the generation and maintenance of business contacts. If your enquiry relates to the conclusion of a contract or to pre-contractual matters, we have the right to process your personal data on the basis of Article 6, 1. (b) GDPR.
We may also process the personal data collected during your use of our website in order to meet our legal obligations; this is lawful on the basis of Article 6, 1. (c) GDPR.
Where necessary, we may also process your personal data for reasons other than those specified above in order to protect our legitimate interests and those of third parties; this is lawful on the basis of Article 6,1. (f) GDPR. We also have a legitimate interest in processing your data with regard to the assertion of legal claims and defence in legal disputes, the prevention and solving of offences, as well as the management and further development of our business activities, including risk management.
4. Am I obligated to provide data?
In order to respond to any enquiry you send to us, we will need at least your name and information on the way we should contact you (e.g. a postal address or an email address). We will not be able to process your enquiry without the provision of this obligatory and necessary information.
If we collect further personal data from you, we will inform you at the time of collection whether the provision of this information is legally or contractually prescribed or necessary for the purposes of the conclusion of a contract. We generally indicate what information is to be provided on a voluntary basis and is not required to meet any of the above stipulated obligations or is not necessary for the conclusion of a contract.
5. To whom do we release your data?
Your personal data is always processed by us internally. Depending on the type of personal data, only certain departments/organisational units will have access to your personal data. Our in-house role and authorisation concept restricts access to the required functions necessary for the relevant processing and also limits the scope of processing to that required for the corresponding purpose.
We can also transmit your personal data to external third parties within the scope of the legally permissible. This particularly includes the following external recipients:
- The service providers separately commissioned by us as well as sub-contractors of our service providers used with our consent; in this connection, this may also involve the processing of personal data
- Freight companies for the shipment of orders
- Credit institutes in order to deal with payments
- Non-public and public offices, in as far as we are obligated for legal reasons to supply your personal data to these.
6. Is automated decision-making used?
We never make use of automatic decision-making (including profiling) as defined in Article 22 GDPR on our website. If we do make use of such procedures in particular cases, we will inform you separately as required by law.
7. Is data transmitted to countries outside the EU/EEA?
In most cases, data is processed within countries of the EU or European Economic Area. It is only in connection with the use of our web analysis services, plugins and tools that we may transmit information to recipients in so-called “third countries”. “Third countries” are countries outside the European Union or the European Economic Area; it cannot be assumed that these employ a level of data protection equivalent to that of the European Union. In as far as the information transmitted also includes personal data and we are not obligated to transmit this for legal reasons, we will ensure before transmission that the relevant third country or recipient in the third country guarantees an appropriate level of data protection. This can be based on an “adequacy decision” of the European Commission; the European Commission has the power to determine whether a third country offers an adequate level of data protection. Alternatively, we might also decide that data transmission is safe on the basis of the so-called ”EU standard contract clauses”. We will be happy to provide you on request with more information about the suitable and appropriate guarantees that can be used to ensure an appropriate level of data protection; you will find the contact data at the beginning of this data privacy declaration. For information on the EU standard contract clauses click here: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:DE:PDF and for information on adequacy decisions click here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu.
8. For how long will my data be retained?
In principle we will only retain your personal data for as long as we have a legitimate interest in such retention and until your interest in the non-retention of this information outweighs our interest in retaining it. Even in circumstances in which we have no legitimate interest in doing so, we may continue to store your data, provided we are legally obligated to do so (for example, in order to comply with archiving requirements). We will also delete your personal data without any action on your part as soon as it is no longer needed to meet the needs of processing or its retention is otherwise legally prohibited.
The personal data we need to retain to meet our archiving requirements will be stored until the termination of the stipulated archiving period. In as far as your personal data is only being retained in order to comply with archiving requirements, access to this will usually be blocked so that it can only be accessed when this is necessary for the purposes of the archiving requirements.
9. What rights do I have?
a) The right to object per Art. 21 GDPR
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on points (e) or (f) of Art. 6, 1. including profiling based on these provisions. In this case, we shall no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or processing is necessary for the establishment, exercise or defence of legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for direct marketing purposes, your personal data will no longer be processed for this purpose.
b) Your other rights
As a data subject, you have the right:
- Of access to information on your stored personal data per Art. 15 GDPR
- To the rectification of incorrect personal data and the completion of incomplete personal data per Art. 16 GDPR;
- To the erasure of personal data per Art. 17 GDPR
- To the restriction of processing of personal data, Art. 18 GDPR
- To data portability, Art. 20 GDPR.
You can at any time withdraw your consent to data processing given to us. For this purpose, you need only send us an email stating your withdrawal of consent. Withdrawal of consent will not retrospectively invalidate the lawfulness of the processing carried out up to that point in time. Even if you withdraw your consent, we may continue to process your personal data if there is an alternative legal basis for this (e.g. Art. 6, 1.(b) GDPR and Art. 6, 1. (f) GDPR).
To exercise any of the above rights, you need only contact us at any time, e.g. using the contact data specified at the beginning of this data protection declaration.
You are also entitled to lodge a complaint with the competent data protection supervisory authority per Article 77 GDPR.