Data Privacy
Our service to you
Data Privacy Information
This data privacy information serves to inform you about our handling of your personal data and your rights pursuant to the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). Witech GmbH (hereinafter referred to as ‘we’ or ‘us’) is the controller of the data processing.
I. General Information
1. Contact
If you have any questions or feedback concerning this information or wish to contact us to exercise your rights, please send your enquiry to
Witech GmbH
Fürberger Straße 1, 42857 Remscheid, Deutschland
Tel.: 02191 88410
Email: info@witech-gmbh.de
2. Legal Basis
The legal term ‘personal data’ refers to all information relating to an identified or identifiable human. We process personal data in compliance with the applicable data protection regulations, in particular the GDPR and the BDSG. We solely process data with legal permission. We process personal data solely with your consent (section 15 para. 3 TMG or Art. 6 para. 1 letter a) GDPR), to perform a contract to which you are a party or to take steps at your request prior to entering into a contract (Art. 6 para. 1 letter b) GDPR), to comply with a legal obligation (Art. 6 para. 1 letter c) GDPR) or where processing is necessary for the purposes of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data (Art. 6 para. 1 letter f) GDPR).
3.Period of Storage
Unless otherwise stated in the following, we will only store your data for as long as required to achieve the intended processing purpose or to fulfil our contractual or statutory obligations. In particular, such statutory retention requirements may result from regulations under commercial or tax law. From the end of the calendar year in which the respective data has been collected, we will store personal data used in accounting for ten years and personal data from commercial letters and contracts for six years. Apart from this, we will store data required to prove declarations of consent and data about complaints and claims for the duration of the statutory limitation periods. Data collected for marketing purposes will be deleted upon your objection to this processing.
4. Recipients of Data
For certain processing activities, we rely on processors. These processing activities include, for example, hosting, maintenance and support of IT systems, client and order management, file and data carrier destruction. A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Processors only process data on explicit instruction and are contractually obliged to implement appropriate technical and organizational measures ensuring data protection. Apart from that, we may transfer your data to postal and delivery services, payment services, our bank, consultants/auditors or the fiscal authority if necessary. If applicable, further recipients are mentioned below.
5. Data Transfer to Third Countries
Visiting our website may involve the transfer of certain personal data to third countries, i.e. countries in which the GDPR is not applicable law. Such a transfer is lawful, if the European Commission has determined that the third country ensures an adequate level of data protection. In absence of such an adequacy decision by the European Commission, the personal transfer may only be transferred to a third country if appropriate safeguards in accordance with Art. 46 GDPR are provided or one of the conditions pursuant to Art. 49 GDPR is met.
Unless otherwise stated in the following we use the standard contractual clauses for the transfer of personal data to processors established in third countries as appropriate safeguards: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32010D0087.
6. Processing in the Exercise of your Rights pursuant to Art. 15 to 22 GDPR
If you exercise your rights pursuant to Art. 15 to 22 GDPR, we process the personal data transferred in order for us to grant you your rights and to acquire proof thereof. Data stored for the purpose of granting you your right of access and for the preparation thereof will only be processed for this purpose and for the purpose of data protection audits. Any further processing is restricted in accordance with Art. 18 GDPR. These processing operations are based on Art. 6 para. 1 letter c) GDPR in conjunction with Art. 15 to 22 GDPR and section 34 para. 2 BDSG.
7. Your Rights
As the data subject, you are entitled to assert your rights against us. In particular, you have the following rights:
-
Pursuant to Art. 15 GDPR and section 34 BDSG, you have the right of access to information confirming whether and, if so, to what extent we are processing personal data concerning you.
-
Pursuant to Art. 16 GDPR, you have the right to rectification of your data.
-
Pursuant to Art. 17 GDPR and section 35 BDSG, you have the right to erasure of your personal data.
-
Pursuant to Art. 18 GDPR, you have the right to require us to restrict the processing of your personal data.
-
Pursuant to Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer such data to another controller.
-
Where you have granted us specific consent to a processing activity, you can withdraw such consent at any time pursuant to Art. 7 para. 3 GDPR. Any such withdrawal of consent shall not affect the lawfulness of processing based on that consent prior to its withdrawal.
-
If you are of the view that the processing of your personal data infringes GDPR provisions, you have the right to lodge a complaint with a supervisory authority pursuant to Art.77 GDPR.
8. Right to Object
Pursuant to Art. 21 para. 1 GDPR, you have the right to object to processing activities based on Art. 6 para. 1 letter e) or letter f) GDPR on grounds relating to your particular situation. If we process your personal data for the purpose of direct marketing, you may object to such processing pursuant to Art. 21 para. 2 and para. 3 GDPR.
II. Data Processing on our Website
During use of our website, we collect information that you provide yourself. We also automatically collect certain information about your use of the site during your visit to the site. In data protection law, the IP address is generally considered personal data. An IP address is assigned to each device connected to the internet by the internet provider so that it can send and receive data.
1. Hosting by Wix.com Ltd.
We use the website builder system by Wix.com Ltd. (Nemal St. 40, 6350671 Tel Aviv, Israel) to display and host our website. Insofar as this results in processing of personal data through the use of our website, Wix.com Ltd. is our processor. The personal data is processed on servers operated by Wix.com Ltd.
The use of this service may involve the transfer of personal data to Israel. For data transfer to Israel as a third country, i.e. a country in which the GDPR is not applicable law, the European Commission has determined that an adequate level of data protection is ensured in a so called adequacy decision pursuant to Art. 45 GDPR.
Insofar as Wix.com Ltd. transfers personal data to the US subsidiary Wix.com Inc. (500 Terry A. Francois Boulevard, 6th Floor, San Francisco, CA, 94158) or to a company in another third country in relation to performance which does not provide an adequate level of data protection according to the European Commission, Wix.com Ltd. will conclude standard contractual clauses with the recipients of data in order to provide appropriate safeguards ensuring an adequate level of data protection. These standard contractual clauses are part of our agreement with Wix.com Ltd. and are available at: https://www.wix.com/about/privacy-dpa-users.
For Wix.com Ltd.’s privacy policy go to https://www.wix.com/about/privacy.
2. Contact form
On our website we provide a contact form via which you can send us messages. The data entered is transferred encrypted (note the ‘https’ in the address bar of your browser). All data fields marked as mandatory are necessary to process your request. Failure to enter the necessary information results in us being unable to process your request. Providing further data is voluntary. Alternatively, you can send us an email via the contact email address. We process the data to process your request. If your request relates to the conclusion or execution of a contract with us Art. 6 para. 1 letter b) GDPR is the legal basis. Apart from that, we process your data based on our legitimate interest to reach out to persons submitting requests. Legal basis for this is Art. 6 para. 1 letter f) GDPR.
3. Cookies
We use cookies and similar technologies on our website. Cookies are small text files that are stored by your browser when you visit a website. This makes the browser identifiable so it can be recognised by our web server. You have full control over the use of cookies through your browser. You can delete the cookies in the security settings of your browser at any time. You can object to the use of cookies in general or for specific cases. The Federal Office for Information Security provides further information: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrichtungSoftware/EinrichtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html
In part, the use of cookies is necessary to maintain functionality and operation of our website and therefore lawful without consent. An overview about the cookies used by our hosting provider Wix.com Ltd. is available at https://support.wix.com/en/article/cookies-and-your-wix-site.
4. Third party services and content
We use services and content (hereinafter collectively referred to as ‘content’) provided by third parties on our website. Processing your IP address is necessary for this processing enabling the content being sent to your browser. Thus, your IP address is sent to the respective third party provider. These processing activities serve our legitimate interest in optimization and economic operation of our website and are based on Art. 6 para. 1 letter f) GDPR. You can object to this data processing at any time by changing the settings of your browser or by using certain browser extensions. One such extension is the uMatrix matrix-based firewall for the Firefox and Google Chrome browsers. Please note that this may result in functional restrictions on the website.
We have implemented the content by the following third party providers on our website:
Google Maps by Google Ireland Limited (Ireland/EU) to display maps.
III. Data processing on our Social Media
We operate company pages on multiple social media platforms via which we want to inform on our company and create opportunities for customers to connect. We operate company pages on the following social media platforms:
-
LinkedIn
Visiting a company page on social media can result in your personal data being processed. The information in your social media account constitutes personal data. This also encompasses messages and statements made with the account. Additionally, certain information about your visit to a company page is often collected automatically during your visit which may also be personal data.
1. Visit to our LinkedIn Company Page
Generally, the LinkedIn Ireland Unlimited Company (Ireland/EU – ‘LinkedIn’) is the sole controller of the processing of your personal data relating to a visit to our LinkedIn page. Further information on LinkedIn processing personal data is available at https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
If you visit or follow our LinkedIn company page or interact with it in any other way, LinkedIn processes personal data to provide us with anonymised statistics and insights which enable us to gain knowledge about the ways in which interact with our page (so called ‘insights’). For this purpose, LinkedIn processes, in particular, such data that you already shared with LinkedIn by adding it to your profile like, for example, position, country, field of work, seniority, company size and employment status. Further, LinkedIn collects information on how you interact with our LinkedIn company page, for example whether you follow our LinkedIn company page. LinkedIn does not share personal data with us by providing us with the insights. We only have access to a summarized version of the insights. Also, we are unable to make conclusions about individual members from the information in the insights. LinkedIn and we are joint controllers of the processing regard the page insights. The processing serves our legitimate interest in analysing the ways in which people interact with our page and improving our page based on this. This finds its legal basis in Art. 6 para. 1 letter f) GDPR. We have concluded an agreement with LinkedIn on joint controllership in which the data protection duties are allocated between LinkedIn and us. The agreement is available via https://legal.linkedin.com/pages-joint-controller-addendum. The agreement stipulates the following:
-
LinkedIn enables you to exercise your rights pursuant to the GDPR. In order to do so, you can contact LinkedIn online via (https://www.linkedin.com/help/linkedin/ask/PPQ?lang=de) or via the contact details in the data protection guidelines. You can contact the Data Protection Officer of LinkedIn Ireland via the following link: https://www.linkedin.com/help/linkedin/ask/TSO-DPO. You can also reach out to us via the contact details mentioned above for the exercise of your rights relating to the processing of your personal data for insights. In such a case, we will forward your request to LinkedIn.
-
LinkedIn and we have agreed that the Irish data protection commission shall be the responsible supervisory authority monitoring the processing for insights. You always have the right to lodge a complaint with the Irish data protection commission (see www.dataprotection.ie) or any other supervisory authority.
Please note that user data is also processed in the USA and other third countries according to LinkedIn’s data protection guidelines. LinkedIn only transfers user data to countries for which the European Commission has made an adequacy decision pursuant to Art. 45 GDPR or based on appropriate safeguards pursuant to Art. 46 GDPR.
2. Comments and Direct Messages
Additionally, we process information which you provide us with via the respective social media platform. Such information can include the username, contact details or a message to us. Generally, we only process this personal data if we have expressly requested you to share this data with us like, for example, in connection with a survey or a lottery. We are the sole controller of such processing activities. We process this data in pursuit of our legitimate interest to reach out to persons submitting requests. The legal basis for this is Art. 6 para. 1 letter f) GDPR. Additionally, we might process such data shared with us for purposes of evaluation or marketing. Such processing is based on Art. 6 para. 1 letter f) GDPR and serve our legitimate interest to develop our product range and inform you about our product range. Further data processing can take place if you have consented (Art. 6 para. 1 letter a) GDPR) or if this serves to fulfil a legal obligation (Art. 6 para. 1 letter c) GDPR).
Last updated: October 2020