Privacy policy for the wta Carsten Weser GmbH website
Contents
Data protection declaration for the wta Carsten Weser GmbH website
1. Scope of application
2. Legal basis for data processing
Legal basis according to the General Data Protection Regulation (GDPR)
3. Data processing and legal basis
3.1 Data when visiting our website
3.1.1 Hosting services provided by third parties
3.1.2 Data deletion and storage duration
3.2 Contacting us by email or using the contact form
3.3 Contacting us as part of an application process
3.4 Data for newsletter registration
3.5 Data for registration for the member area / member area
4. Data transmission / data transfer to third parties
International data transfers
5. Cookies and similar technologies
Use of cookies
6. Use of analysis tools
Google Analytics
BloomReach
7. Other applications used
7.1 Google Fonts
7.2. Vimeo
7.3 Google reCAPTCHA
8. Rights of data subjects
9. Online presence of social media
9.1 Presence on Facebook page
9.2 Presence on Instagram page
9.3 Presence on LinkedIn page
9.4 Presence on YouTube page
10. Storage period and erasure
11. Security measures
12. Minors
13. Amendments to this privacy policy
Protecting your privacy is very important to us. The following document provides you with detailed information about how wta Carsten Weser GmbH; Simsonstraße 1; 98529 Suhl, operator of the following website www.wta-suhl.de, processes personal data
All terms used are not gender-specific.
Person responsible
Responsible for the processing of personal data in terms of data protection law:
wta Carsten Weser GmbH
Simsonstraße 1
98529 Suhl
Telephone: 03681-4529710
Email: info@wta-suhl.de
We recommend that you contact our data protection officer to assert your rights, report data protection incidents, make suggestions and complaints regarding the processing of your personal data, or to withdraw your consent.
We have appointed a data protection officer. You can contact him at datenschutz@wta-suhl.de, or write to the postal address provided, marking your letter ‘For the attention of the data protection officer’, with confidence.
wta Carsten Weser GmbH
Data protection officer
Simsonstraße 1
98529 Suhl
1. Scope of application
This data protection declaration applies to our website, which can be accessed under the domain www.wta-suhl.de (‘website’). It does not apply to the internet offers (from us or third-party service providers) that are merely referred to by a link on the website.
2. Legal basis for data processing
Legal basis according to the General Data Protection Regulation (GDPR)
Below you will find a brief overview of the legal bases under the GDPR that are relevant for EU citizens. In addition, special legal regulations may apply in your country of residence.
Legal bases
• Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR) - The data subject has given consent to the processing of his or her personal data for one or more specific purposes.
• Fulfilment of contract and pre-contractual enquiries (Art. 6 (1) (1) (b) GDPR) – The processing is necessary for the fulfilment of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Legal obligation (Art. 6 para. 1 sentence 1 lit. c) GDPR) - The processing is necessary to fulfil a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR) - The processing is necessary to safeguard the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail.
3. Data processing and legal basis
It is generally possible to visit our website without providing personal data. We collect, process and use your personal data on our website as follows:
3.1 Data when visiting our website
Every time you visit our website, the web server automatically stores a so-called server log file, which contains, for example, the name of the accessed URL, the user's IP address, the date and time of access, the browser used, the amount of data transferred, the http status code and the requesting provider (access data) and documents the retrieval.
This access data is only evaluated for the purpose of ensuring the smooth operation of the site and improving our services. This serves to safeguard our legitimate interests in the correct presentation of our services, which are overriding in the context of a weighing up of interests.
The data is not merged with other data records of the user.
3.1.1 Hosting services provided by third parties
As part of processing on our behalf, third-party providers provide us with hosting and website display services. This serves to safeguard our legitimate interests in the correct presentation of our offers and services, which are overriding in the context of a balancing of interests. This involves the processing of usage data (e.g. websites visited, interest in content, access times); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, consent status). Content data (e.g. entries in online forms) from users (e.g. website visitors, users of online services) for the purpose of providing our online services and user-friendliness; information technology infrastructure (operation and provision of information systems and technical devices (computers, servers, etc.)). Security measures are processed. The legal basis for the processing lies in our overriding legitimate interest.
3.1.2 Data erasure and storage duration
Your personal data will be deleted or blocked as soon as the purpose of storage no longer applies. Please note that we may be obliged by law to store certain data for the duration of the legally prescribed period due to statutory retention periods. The data will also be blocked or deleted if a storage period prescribed by the standards mentioned expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
3.2 Contacting us by email or using the contact form
If you contact us (e.g. using the contact form or by email), we will store and process the personal data that you provide to us in the email. This data is stored and used solely for the purpose of responding to your request or for establishing contact and for the associated technical administration. The processing of this data is carried out to fulfil a contract or pre-contractual measures (Art. 6 para. 1 lit. b. GDPR) or the processing is also in our legitimate interest (Art. 6 para. 1 lit. f GDPR), without any conflicting interests on your part, since the processing of these requests is in both our interests.
3.3 Your contact in the context of an application
If you are interested in working for our company and apply or have applied to us by email or post, we will process your personal data as part of the application process. We would like to explain our processing procedure to you below:
3.3.1 What data of yours do we process? And for what purposes?
We process the data that you have sent to us in connection with your application in order to check your suitability for the position (or, if applicable, other open positions in our company) and to carry out the application process.
3.3.2 What is the legal basis for this?
The legal basis for the processing of your personal data in this application process is primarily Article 6(1)(b) of the GDPR. Accordingly, the processing of data required in connection with the decision to establish an employment relationship is permissible. Should the data be required after completion of the application process, for example for legal proceedings, data processing may be carried out on the basis of the requirements of Art. 6 GDPR, in particular to safeguard legitimate interests in accordance with Art. 6 (1) point f GDPR. In this case, our interest lies in the assertion of or defence against claims. If special types of personal data within the meaning of Art. 9 GDPR are processed (e.g. health data), the legal basis is §26 para. 3 BDSG or Art. 9 para. 2 lit. b) GDPR in conjunction with Art. 6 para. 1 lit. b) GDPR.
3.3.3 How long will the data be stored?
In the event of a rejection, applicants' data will be deleted after six months. If you have agreed to the further storage of your personal data, we will transfer your data to our applicant pool. The data in the pool will be deleted after two years.
If you have been offered a job as part of the application process, the data will be transferred from the applicant data system to our human resources information system.
3.3.4 To which recipients will the data be forwarded?
Your application data will be reviewed by the human resources department after we receive your application. Suitable applications are then forwarded internally to the department heads for the respective open position. The next steps are then agreed. Within the company, only those persons who need access to your data for the proper execution of our application process have access to it.
3.3.5 Where is the data processed?
The data is processed exclusively in data centres in the Federal Republic of Germany.
Your rights as a data subject can be found in this data protection declaration under paragraph 9.
3.4 Data for newsletter registration
If you register for our newsletter service, we will store and process your personal data (email address, first name and last name if applicable) for the purpose of sending you the newsletter. The processing of this data is based on your consent (Art. 6 para. 1 lit. a GDPR) or is carried out for the purpose of fulfilling the contract (Art. 6 para. 1 lit. b GDPR). In this case, we will regularly send you promotional information about the services associated with our offers.
With the following information, we will explain to you the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedures and your rights of objection. By subscribing to our newsletter, you agree to the receipt and the described procedures.
We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter referred to as ‘newsletters’) only with the consent of the recipients or a legal permission. Insofar as the contents of a newsletter are specifically described in the context of registration, they are decisive for the consent of the users.
Registration for our newsletter is done in a so-called double opt-in procedure. This means that after registering, you will receive an email asking you to confirm your registration. This confirmation is necessary to prevent anyone from registering with someone else's email address. Registrations for the newsletter are logged in order to be able to prove that the registration process meets the legal requirements. This includes storing the registration and confirmation times, as well as the IP address.
The newsletter is sent using Intuit MailChimp, a brand of the Rocket Science Group, which operates a newsletter distribution and marketing platform for a US company.
When using this platform, your data is transmitted to the platform operator Intuit Mailchimp 405 N Angier Ave. NE Atlanta, GA 30308 United States of America and processed on their servers. The transmission and processing are carried out with your consent. The service provider is bound by our instructions on the basis of standard contractual clauses and has implemented additional security measures https://mailchimp.com/de/legal.
The newsletter is sent by Brevo, a brand of Sendinblue GmbH, which operates an all-in-one platform for customer relationship management.
When using this platform, your data is transmitted to the platform operator Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, and processed on their servers. The transmission and processing are carried out with your consent. The service provider is bound by our instructions on the basis of a data processing agreement and has implemented additional security measures Brevo_Privacy Policy.
Subscription data
To subscribe to the newsletter, you only need to provide your email address, name and first name.
The newsletters contain a so-called ‘web beacon’, i.e. a pixel-sized file that is retrieved from the server when the newsletter is opened. As part of this retrieval, technical information such as information about the browser and your system, as well as your IP address and the time of the retrieval, are initially collected. This information is used for technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times.
The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention to observe individual users. The evaluations help us to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.
There are cases in which we redirect newsletter recipients to the websites of the above-named provider. For example, our newsletters contain a link that newsletter recipients can use to access the newsletter online (e.g. in the event of display problems in the e-mail programme). Furthermore, newsletter recipients can correct their data, such as their email address, at a later point in time. Brevo's privacy policy is also only available on their website.
In this context, we would like to point out that cookies are used on the websites of the named provider and that personal data is processed by the provider, its partners and service providers (e.g. Google Analytics). We have no influence on this data collection. Further information can be found in Intuit Mailchimp's privacy policy https://mailchimp.com/de/legal. We would also like to draw your attention to the options for objecting to data collection for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European area)
In this context, we would like to point out that cookies are used on the websites of the named provider and that personal data is therefore processed by the provider, its partners and service providers (e.g. Google Analytics). We have no influence over this data collection. Further information can be found in the data protection declaration Brevo_Datenschutzrichtlinie from Sendinblue GmbH. We would also like to draw your attention to the possibilities for objecting to data collection for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/.
Cancellation of the newsletter
You can cancel your subscription to our newsletter at any time, i.e. revoke your consent. This simultaneously cancels your consent to its distribution and statistical analyses. Unfortunately, it is not possible to revoke consent to distribution or statistical analyses separately.
You can also unsubscribe from the newsletter at any time by clicking on the button on the following website https://wta-suhl.de/newsletter, by contacting the address given in section 1. or by using the unsubscribe link at the end of each newsletter. Once you have unsubscribed, your e-mail address will be immediately deleted from our newsletter distribution list.
After you have cancelled your subscription, we block your email address, unless you have expressly consented to further use of your data or we reserve the right to use the data in a manner that goes beyond this, which is permitted by law and about which we inform you in this statement.
3.5 Data for registering for the customer area
In order to offer you a better service, we have an exclusive customer area with various downloads related to our products and services.
You can register after you have successfully registered. You can do this via the email address mentioned in point 1.
After you have been set up as a registered user, the download area will be available. To register, we need your first name, last name, email address and language.
If you are no longer interested in this option, you can declare your revocation at any time via info@wta-suhl.de. You will then be blocked as a user and your data will be deleted after 2 years at the latest.
If you do not log in within 2 years, your account will be automatically deactivated and deleted without the need for prior notification. / If you do not log in within 2 years, your account will be automatically deactivated and deleted after prior contact with wta and negative feedback.
4. data transmission / data transfer to third parties
We do not pass on any personal data to third parties unless this is necessary to fulfil the contract (e.g. transmission of address data to the shipping company for orders), otherwise permitted by relevant legal provisions or you have given your consent.
The recipients of this data may also include, among others, service providers contracted to carry out IT tasks or providers of services and content that are integrated into a website. In such cases, we comply with the legal requirements and, in particular, conclude appropriate contracts or agreements with the recipients of your data that serve to protect your data.
International data transfers
According to the GDPR, exceptions for the disclosure of data abroad may be permitted if certain conditions are met, including the consent of the data subject, performance of a contract, public interest, protection of life or physical integrity, publicly disclosed data or data from a legally provided register. These disclosures will always be made in accordance with legal requirements.
In accordance with the GDPR, we only disclose personal data abroad if the data subjects are guaranteed an adequate level of protection. If the EU Commission does not determine an adequate level of protection, we will take alternative security measures. These may include international treaties, specific guarantees, data protection clauses in contracts, standard data protection clauses approved by the EU or internal company data protection regulations that have been recognised in advance by a competent data protection authority in another country.
If we process data in a third country (i.e. outside the European Union (EU), the European Economic Area (EEA)) as defined by the GDPR, or if the processing takes place in the context of the use of third-party services or the disclosure or transfer of data to other persons, bodies or companies, this will only be carried out in accordance with the legal requirements.
Subject to your express consent or contractually or legally required transfers (see Art. 49 GDPR), we only allow the data to be processed in third countries with a recognised level of data protection (Art. 45 GDPR), if contractual obligations are met by means of so-called standard protection clauses of the EU Commission (Art. 46 GDPR) or if certifications or binding internal data protection regulations are in place (see Art. 44 to 49 GDPR, information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).
The EU-US Trans-Atlantic Data Privacy Framework: The EU Commission has recognised the data protection level as secure for certain companies from the USA as part of the adequacy decision. The list of certified companies and further information on the DPF can be found on the website of the US Department of Commerce at https://www.dataprivacyframework.gov/ (in English).
Please note that your data will be transferred and processed outside of Europe, including Canada and the United States, for the purpose of contract execution (e.g. when you place an order via the website) or to pursue our stated legitimate business interests.
5. Cookies and similar technologies
Use of cookies
We use cookies on various pages to make visiting our websites more attractive and to enable the use of certain functions, to display suitable products or for market research. This serves to safeguard our legitimate interests in an optimised presentation of our offer, which are overriding in the process of balancing of interests.
Cookies are small text files that are automatically stored on your end device. Some of the cookies we use are deleted after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on the user's device and enable us to recognise the browser the next time you visit (persistent cookies).
You can view the duration of storage, type of cookies, etc. in our Cookie Policy (available via the link under the fingerprint symbol); alternatively, you can find an overview in the cookie settings of your web browser.
Technically necessary cookies are required when using our websites and you cannot deselect these. You can give your consent to the use of all other cookies. You can revoke this consent at any time by
1. You can view and edit your privacy history or revoke your consent on the website. To do this, click on the ‘fingerprint’ button on the website.
2. Change your consent here https://wta-suhl.de/#consent-change
3. Exclude the acceptance of cookies in your browser settings and delete cookies that have already been set.
However, if you do not accept cookies, the functionality of our website may be limited. You can also set your browser so that you are informed when cookies are set and can decide whether to accept them individually, or to generally exclude the acceptance of cookies for certain cases or certain websites.
Each browser differs in the way it manages cookie settings. Further information on cookies and how to accept or reject them can be found at the following links for the relevant browser providers:
• Internet Explorer™: http://windows.microsoft.com/de-DE/windows-vista/Block-or- allow-cookies
• Safari™: https://support.apple.com/kb/ph21411?locale=de_DE
• Chrome™: http://support.google.com/chrome/bin/answer.py?hl=de&hlrm=en&answer=95647
• Firefox™: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
• Opera™: http://help.opera.com/Windows/10.20/de/cookies.html
An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info or https://www.youronlinechoices.com/.
When cookies are used, your data may be transferred to recipients outside the EEA where there is no adequate level of data protection in accordance with the GDPR.
We use a cookie consent management process to obtain users' consent to the use of cookies and similar technologies and the processing and providers mentioned in the cookie consent management process, which can also be managed and withdrawn by users. The declaration of consent is stored so that it is not necessary to repeat the request and so that the consent can be proven in accordance with the legal obligation. The storage can be done on the server side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) in order to be able to assign the consent to a user or their device. Subject to individual information from the providers of cookie management services, the following information applies: The duration of the storage of the consent can be up to two years. In this case, a pseudonymous user identifier is created and stored with the time of consent, information on the scope of consent (e.g. which categories of cookies and/or service providers) as well as the browser, system and end device used.
• DO NOT TRACK: We would like to point out that we do not change the data collection and use procedures of our website when we receive a ‘Do Not Track’ signal from your browser.
6. Use of analysis tools
When using analysis tools, your data may be transferred to recipients outside the EEA where there is no adequate level of data protection in accordance with the GDPR.
Google Analytics
If you have given your consent, this website uses Google Analytics, a web analysis service provided by Google LLC. The responsible body for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’).
Scope of processing
Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by cookies about your use of this website is usually transferred to a Google server in the United States and stored there.
Google Analytics anonymises IP addresses by default. Due to IP anonymisation, your IP address will be truncated by Google within the area of Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and truncated there. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
During your visit to our website, your user behaviour is recorded in the form of ‘events’. Events can be:
• Page views
• First visit to the website
• Start of the session
• Your ‘click path’, interaction with the website
• Scrolls (whenever a user scrolls to the bottom of the page (90%))
• Clicks on external links
• Internal search queries
• Interaction with videos
• File downloads
• Seen/clicked ads
• Language setting
The following is also recorded:
• Your approximate location (region)
• Your IP address (in abbreviated form)
• Technical information about your browser and the devices you use (e.g. language settings, screen resolution)
• Your internet service provider
• the referrer URL (via which website/advertising medium you came to this website)
Purpose of the processing
On behalf of the operator of this website, Google will use this information for the purpose of evaluating your pseudonymous use of the website and for compiling reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.
Recipient
Recipients of the data are/may be Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor in accordance with Art. 28 GDPR) Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
It cannot be ruled out that US authorities may access the data stored by Google.
Third-country transfer
Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. It cannot be ruled out that data may be transmitted to the USA and that US authorities may access data stored by Google. From a data protection perspective, the USA is currently considered a third country. You do not have the same rights there as you do within Switzerland, the EU or the EEA. You may not have any legal remedies against access by authorities.
Storage duration
The data sent by us and linked to cookies is automatically deleted after 14 months. Data that has reached the end of its storage period is automatically deleted once a month.
Legal basis
The legal basis for this data processing is your consent in accordance with §25 para. 1 TDDDG, as well as Art.6 para.1 p.1 lit.a DSGVO.
Revocation
You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The legality of the processing carried out on the basis of the consent until the revocation remains unaffected.
You can also prevent the storage of cookies from the outset by making the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, this may result in a reduced functionality of this and other websites. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by
a. not giving your consent to the setting of cookies or
b. download and install the browser add-on to disable Google Analytics. (https://tools.google.com/dlpage/gaoptout)
For more information about Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/de/ and https://policies.google.com/?hl=de.
Bloom
Bloom allows us to display prompts to subscribe to our newsletter based on the content of the page and the visitor's behaviour. Cookies are used to remember which prompts have already been displayed.
Scope of processing
Information that may be processed by Bloom can be categorised as follows:
Information that may be voluntarily provided by the user:
• personal data (such as name, email address, phone number)
• personal data collected offline with the user's consent (when attending an event, during phone calls with sales representatives)
Information that may be collected automatically from the user:
• Collection of device data when using the websites (tracking technologies or cookies)
• Collection of IP address, device type, websites accessed and links clicked
In addition, the following can be recorded:
• Metrics that monitor application performance during the session, e.g. page load time.
• Metrics to monitor in-app interactions and engagement, e.g. actions, clicks or invitations.
Purposes of processing
• To respond to inquiries, or to provide information that users have requested.
• To send administrative or account information to users.
• To communicate service updates to users.
• To maintain the website and adapt the website to users' needs.
• To communicate with users via postal mail, telephone, and/or email to provide marketing and promotional content (in accordance with your marketing preferences)
• To comply with and enforce applicable legal requirements, agreements, and policies.
• To prevent, detect, identify, investigate, respond to and protect against potential or actual claims, liabilities, prohibited conduct and criminal activity.
• For other business purposes, such as data analysis, identifying usage trends, determining the effectiveness of our marketing and to expand, customise and improve our websites, products and services.•
Recipients
Recipients of the data are/may be Elegant Themes, Inc. at 977 West Napa Street #1002, Sonoma, CA 95476 (as a processor in accordance with Art. 28 GDPR).
Third-country transfer
If data is processed outside the EU/EEA and there is no level of data protection that meets European standards, we have concluded standard contractual clauses with the service provider to ensure an adequate level of data protection. The parent company of Elegant Themes, Inc. is located at 977 West Napa Street #1002, Sonoma, CA 95476, USA. The possibility of data being transmitted to the USA and accessed by US authorities cannot be ruled out. From a data protection perspective, the USA is currently considered a third country. You do not have the same rights there as you do within Switzerland, the EU or the EEA. You may not have any legal recourse against access by authorities.
Storage duration
Bloom stores user data in accordance with the applicable data protection laws, including the General Data Protection Regulation (GDPR). The storage duration depends on the type of data and the purpose of its processing. In general, Bloom only stores personal data for as long as is necessary to fulfil the respective purposes.
Legal basis
The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.
Revocation
You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. The legality of the processing carried out on the basis of the consent until revocation remains unaffected.
You can also prevent the storage of cookies from the outset by adjusting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a limited functionality of this and other websites. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) for Bloom as well as the processing of this data by Bloom by
c. do not give your consent to the setting of the cookie
For more information about Bloom's terms of use and data protection, please see Privacy Policy | elegantthemes
7. Other applications used
7.1 Google Fonts
Our website uses Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, to ensure an appealing display of fonts. Google Fonts are hosted locally on our server and provided via a corresponding plug-in. This means that no connection is made to Google's servers and no personal data is transmitted to Google. The fonts are therefore used in a data protection-compliant manner, without external data transfer.
8. Rights of data subjects
As EU citizens, you have various rights as data subjects under the GDPR, which arise in particular from Articles 15 to 21 of the GDPR:
• Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
• Right to withdraw consent: You have the right to withdraw consent at any time.
• Right of access: You have the right to request confirmation as to whether the data in question is being processed and to request information about this data, as well as further information and a copy of the data in accordance with legal requirements.
• Right to rectification: You have the right, in accordance with legal requirements, to request the completion of data concerning you or the rectification of inaccurate data concerning you.
• Right to erasure and restriction of processing: You have the right, in accordance with the law, to demand that data concerning you be erased immediately or, alternatively, to demand that the processing of the data be restricted in accordance with the law.
• Right to data portability: You have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to demand its transmission to another controller in accordance with the legal requirements.
• Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the provisions of the GDPR. You can also address your complaint to the data protection supervisory authority in your federal state.
9. online presence of social media
We maintain so-called fan pages or accounts or channels on the aforementioned networks in order to provide you with information and offers within social networks and to offer you further ways to contact us and find out about our offers. In the following, we will inform you about which of your data we or the respective social network processes when you access and use our fan pages/accounts.
Data that we process about you
If you wish to contact us via Messenger or via Direct Message on the respective social network, we will usually process your user name, which you use to contact us, and may store other data you provide as necessary to process/respond to your request.
The legal basis is Art. 6 para. 1 sentence 1 f) GDPR (processing is necessary to safeguard the legitimate interests of the controller).
(Static) usage data that we receive from social networks
We receive automatically provided statistics regarding our accounts via Insights functionalities. The statistics include, among other things, the total number of page views, likes, page activity and post interactions, reach, video views/views, and information on the proportion of men/women among our fans/followers.
The statistics only contain aggregated data that cannot be linked to individual persons. They are not identifiable to us in this way.
Which of your data are processed by the social networks
To view the contents of our fan pages or accounts, you do not need to be a member of the respective social network and, to this extent, no user account for the respective social network is required.
Please note, however, that when you access a social network, the social networks also collect and store data from website visitors without a user account (e.g. technical data in order to be able to display the website) and use cookies and similar technologies, over which we have no influence. You can find details on this in the data protection provisions of the respective social network (see the corresponding links above).
If you wish to interact with the content on our fan pages/accounts, e.g. comment on, share or like our posts and/or contact us via messenger functions, you must first register with the respective social network and provide personal data.
We have no influence on the data processing by the social networks in the context of your use. To the best of our knowledge, your data is stored and processed in particular in connection with the provision of the services of the respective social network, and also for the purpose of analysing user behaviour (using cookies, pixels/web beacons and similar technologies) on the basis of which advertising based on your interests is displayed both within and outside the respective social network. It cannot be ruled out that your data may also be stored by the social networks outside the EU/EEA and passed on to third parties.
Information on the exact scope and purposes of the processing of your personal data, the storage period/deletion and guidelines for the use of cookies and similar technologies in the context of registration and use of the social networks can be found in the data protection/cookie guidelines of the social networks. There you will also find information about your rights and options for objection.
9.1 Presence on Facebook page
When you visit our Facebook page, Meta collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook page, with statistical information about the use of the Facebook page. Facebook provides more detailed information on this at the following link: Insights | Facebook Help Center
The statistical information transmitted does not allow us to draw any conclusions about individual users. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.
We collect your data via our fan pages only to enable you to communicate and interact with us. This collection usually includes your name, message content, comment content and the profile information you have made ‘publicly’ available.
The processing of your personal data for our above-mentioned purposes is based on our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 (1) point f GDPR. If you, as a user, have given your consent to the respective social network provider for data processing, the processing extends to this legal basis (Art. 6 (1) point a GDPR).
Due to the fact that the actual data processing is carried out by the social network provider, our access to your data is limited. Only the social network provider is authorised to access your data in full. As a result, only the provider can directly take and implement appropriate measures to fulfil your user rights (requests for information, deletion, objection, etc.). The most effective way to assert such rights is therefore to do so directly with the respective provider.
We, together with Meta, are responsible for the personal content of the fan pages. Data subjects can assert their rights with us or with Meta Ireland.
The primary responsibility for the processing of Insights data lies with Meta according to the GDPR and Meta fulfils all obligations under the GDPR with regard to the processing of Insights data, Meta Ireland provides the essentials of the page insights supplement to the data subjects.
We do not make any decisions regarding the processing of Insights data and all other resulting information, including the legal basis, identity of the person responsible and storage duration of cookies on user terminals.
Further information can be found directly on Facebook (supplemental agreement with Facebook): https://www.facebook.com/legal/terms/page_controller_addendum.
9.2 Instagram page presence
When you visit our Instagram pages, Instagram collects, among other things, your IP address and other information that is stored on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about the use of the Instagram page. Instagram provides more detailed information on this at the following link: Insights | Facebook Help Center
The statistical information transmitted does not allow us to draw any conclusions about individual users. We only use this information to respond to the interests of our users and to continuously improve our online presence and ensure its quality.
We collect your data via our fan pages only to enable you to communicate and interact with us. This collection usually includes your name, message content, comment content and the profile information you have made ‘publicly’ available.
The processing of your personal data for our above-mentioned purposes is carried out on the basis of our legitimate business and communicative interest in offering an information and communication channel in accordance with Art. 6 (1) f) GDPR. If you, as a user, have given your consent to the respective social network provider for data processing, the processing extends to this legal basis (Art. 6 (1) a) GDPR).
Due to the fact that the actual data processing is carried out by the social network provider, our access to your data is limited.
Only the social network provider is authorised to access your data in full. As a result, only the provider can directly take and implement appropriate measures to fulfil your user rights (requests for information, deletion, objection, etc.).
The most effective way to assert such rights is therefore directly with the respective provider.
We are jointly responsible with Instagram for the personal content of the fan page. Data subjects can assert their rights with Meta Ireland and with us.
Meta has primary responsibility for the processing of Insights data and Meta fulfils all obligations under the GDPR with regard to the processing of Insights data. Meta Ireland provides the data subjects with the essentials of the Page Insights supplement.
We do not make any decisions regarding the processing of Insights data and all other information that arises, including the legal basis, identity of the controller and storage period of cookies on user terminals.
Further information can be found directly at Instagram (supplemental agreement with Facebook) https://www.facebook.com/legal/terms/page_controller_addendum.
9.3 Presence on LinkedIn page
Our company operates a social media channel on the LinkedIn platform.
According to the judgment of the European Court of Justice (ECJ) of 5 June 2018, Az. C-210/16, the operator of social media pages is at least jointly responsible for data processing within the meaning of Art. 26 GDPR, at least in the case of Facebook fan pages.
So far, we are not aware of the fact that LinkedIn offers an agreement that meets the requirements of Art. 26.
We only process your data if you contact our human resources department via the LinkedIn platform or apply for an advertised position via LinkedIn for the aforementioned purposes. In this case, LinkedIn collects your data and makes it available to us.
The legal basis for the processing of personal data is, depending on the case, the processing for the purpose of initiating and executing a contract with you or on the basis of our legitimate interest in communicating with users and our external presentation for advertising purposes.
If you have given the social network provider consent to the data processing described above with effect for us, the legal basis is Art. 6 (1) point a GDPR.
In some circumstances, we may also store and further process this data.
Furthermore, we may collect data from visitors to our company website, provided that the display as a visitor can be defined as processing. However, we do not store this data on our own systems, nor is it systematically further processed beyond occasional inspection.
Our information regarding the responsible party, the data protection officer and the declaration of your rights as a data subject apply to these processing steps.
For any further processing, we would like to point out that the data protection declaration of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter: LinkedIn) applies to our LinkedIn company page.
Further information on the processing of personal data by LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy.
9.4 Presence on YouTube page
We operate a channel on the ‘YouTube’ platform of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’).
With this privacy policy, we would like to inform you about how your personal data is processed via this social media channel (https://www.youtube.com/@wtasuhl) and who has access to the data you have stored.
As the operator of this social media channel, WTA Suhl is also the controller in terms of data protection law. This means that WTA Suhl is also responsible for ensuring that your data is processed lawfully via this channel and that you can also exercise your rights regarding your data vis-à-vis WTA (cf. Art. 26 GDPR). Data about you may be collected through cookies via this social media channel, regardless of whether you have an account with YouTube or not.
Cookies are data packages that mark the user's computers, smartphones and other end devices with a specific identifier. They are regularly stored on the user's end device when visiting a YouTube channel, including our channel. The information stored in the cookies is received, recorded and processed by YouTube, in particular when the user visits the YouTube services, services provided by other members of the group and services provided by other companies that use YouTube services. In addition, other entities such as YouTube partners or even third parties on the YouTube services may use cookies to provide services to companies advertising on YouTube. For more information about how YouTube uses cookies, please see their privacy policy.
Cookies are primarily used to enable YouTube channels to display personalised advertising to visitors, for example. This is done by showing the user on our YouTube channel ads from YouTube advertising partners whose websites the user has previously visited. In addition, cookies make it possible to generate statistics about the use of a social media profile, so that YouTube and WTA can track the use of a social media channel.
The collection of your data by cookies when using the social media channel is not required by law or contract. Nor is it necessary for the conclusion of a contract. There is therefore no obligation to transfer your data to YouTube.
However, if you do not provide your data (e.g. by blocking cookies), we will not be able to offer you our social media channel or only to a limited extent. WTA operates this YouTube channel to present itself to and communicate with YouTube users and other interested parties who visit this YouTube channel.
The processing of users' personal data is based on WTA's legitimate interest in an optimised company presentation (Art. 6 para. 1 lit. f DSGVO). Your data may be passed on to Google Inc. in the USA via cookies. Google is certified for the EU-US Privacy Framework, i.e. Google must comply with a data protection standard for users in Europe that has been deemed comparable to the European standard by the European Commission.
Google is also bound to us by standard contractual clauses, thereby offering a guarantee of compliance with European data protection law.
YouTube users can use the advertising preferences settings to control the extent to which their user behaviour may be tracked when they visit our YouTube channel. Further options are offered by the YouTube settings or the opt-out form. The processing of information by means of the cookies used by YouTube can also be prevented by not allowing cookies from third-party providers or from YouTube in your own browser settings.
Further information on the handling of user data can be found in Google's privacy policy at: https://www.google.de/intl/de/policies/privacy.
9.5 Presence on X-Page (formerly Twitter)
We use the platform ‘X’ (formerly Twitter), operated by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, to communicate with users, prospects and customers and to provide information about our services. In doing so, user data may be processed outside the European Union. We would like to point out that the USA, as a third country within the meaning of the GDPR, does not offer a level of data protection comparable to that in the EU.
Responsibility and data processing
When you visit our account on X, personal data is processed by X. This includes, among other things:
• Your IP address,
• Information about your end device,
• Interactions with our account (e.g. likes, retweets or comments).
We have no influence over the data processing carried out by X. For more information about the processing of personal data by X, please refer to the X privacy policy at: https://x.com/de/privacy.
Legal basis
Our presence on X is used for public relations and communication in accordance with Art. 6 (1) point f GDPR (legitimate interest). If you interact with us via X, the data processing is carried out on the basis of your consent in accordance with Art. 6 (1) point a GDPR.
Your rights
You can assert your rights (e.g. information, deletion, restriction of processing) against X directly. For inquiries regarding our use of the platform, you can contact us via the contact details given in the imprint.
9.6 Presence on Pinterest
We use the Pinterest platform, operated by Pinterest Inc., 505 Brannan Street, San Francisco, CA 94107, USA, to communicate with users, prospects and customers and to provide information about our services.
In doing so, personal data of users may be processed outside the European Union. We would like to point out that the USA, as a third country within the meaning of the GDPR, does not offer a level of data protection comparable to that in the EU.
Responsibility and data processing
When you visit our account on Pinterest, personal data is processed by Pinterest. This includes, among other things:
• Your IP address,
• Information about your device,
• Interactions with our account (e.g. ‘pins’, comments or sharing our content)
We have no influence over how Pinterest processes this data. For more information about how Pinterest processes personal data, please see Pinterest's privacy policy at: https://policy.pinterest.com/privacy-policy.
Legal basis
Our presence on Pinterest is for public relations and communication purposes in accordance with Art. 6 (1) (f) GDPR (legitimate interest). If you interact with us via Pinterest, the data processing is carried out on the basis of your consent in accordance with Article 6(1)(a) GDPR.
Your rights
You can assert your rights (e.g. access, erasure, restriction of processing) against Pinterest directly. For enquiries regarding our use of the platform, you can contact us using the contact details provided in the imprint.
10. Storage period and erasure
We store personal data for as long as the data subject gives us their consent to do so, as long as it is necessary for the processing of the corresponding legal relationship and/or as long as it is legally required. After that, the personal data is deleted in the best possible and most appropriate way.
After complete processing of the contract or deletion of an account, the associated data for further processing is restricted and deleted after expiry of the tax and commercial retention periods, unless you have expressly consented to further use of your data or we reserve the right to use data that goes beyond this, which is permitted by law and about which we inform you in this declaration. You can delete your account at any time, either by sending a message to the contact option described in the imprint or by using the designated function in the account.
11. Security measures
We take appropriate technical and organisational measures in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical and electronic access to the data, as well as the access, input, disclosure, safeguarding of availability and its separation.
Furthermore, we have set up procedures to ensure that the rights of data subjects are exercised, that data is deleted and that action is taken in response to data being compromised. In addition, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection, through technology design and data protection-friendly default settings.
12. Minors
This website and its offers are not directed at persons under the age of 18. They should only transmit personal data with the consent of their parents or legal guardians.
13. Changes to this data protection declaration
This data protection declaration will be adapted or changed as far as legally and/or actually necessary.
Suhl, last updated on 25/03/2025