The Welte GmbH in Freiburg attaches great importance to compliance with data protection regulations. The use of our internet pages is basically possible without any indication of personal data. However, if you wish to make use of special services via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we will seek your consent.
As the responsible body, we have implemented numerous technical and organizational measures to ensure the most complete possible protection for personal data processed via this website. Nevertheless, Internet-based data transmissions (e.g. e-mail) can always have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are at any time to transmit personal data to us in alternative ways, for example by telephone or by post.
a) Personal Data
Personal data are all information relating to an identified or identifiable natural person ((hereinafter “data subject” or direct contact, e.g. “you”)Identifiable is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
b) Affected Person
Affected person means any identified or identifiable natural person whose personal data is processed by the controller.
Processing means any operation or series of operations carried out with or without the aid of automated procedures in relation to personal data, such as the collection, acquisition, organisation, sorting, storage, adaptation or alteration, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, comparison or linking, restriction, erasure or destruction.
d) Restriction of processing
Restriction of the processing is the marking of stored personal data with the aim of restricting their future processing.
Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be assigned to a particular data subject without the use of additional information, provided that this additional information is kept separately and is subject to technical and organizational measures which ensure that the personal data are not assigned to an identified or identifiable natural person.
f) Responsible Body
The controller or responsible body shall be the natural or legal person, authority, body or other body which alone or jointly with others decides on the purposes and means of processing personal data. Where the purposes and means of such processing are laid down by Union law or by the law of the Member States, the controller or the specific criteria for his appointment may be laid down in accordance with Union law or the law of the Member States.
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities which may receive personal data under Union law or the law of the Member States within the framework of a particular investigation mandate shall not be regarded as recipients.
i) Third Person
Third is a natural or legal person, public authority, body or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor to process the personal data.
Consent is any voluntarily given and unambiguously expressed consent in the form of a statement or other unambiguous confirmatory act on a voluntary basis by the data subject for the particular case, by which the data subject indicates that they are involved in the processing of the person concerned personal data.
Name and address of the controller:
Name and address of the controller within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with data protection character is:
Am Schloss 4
You can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies, that have already been set, can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.
Collection of general data and information via the website
When you visit our website, our system collects a range of general data and information. This general data and information is stored in the log files of the server. We may record (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites which are accessed via an accessing system on our website (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used for security purposes in the event of attacks on our information technology systems.
When using this general data and information, we do not draw any conclusions about you as the person concerned. Rather, this information is required to (1) correctly deliver the contents of our website, (2) optimize the contents of our website and advertising for it, (3) ensure the permanent functionality of our information technology systems and the technology of our website, and ( 4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack. We therefore evaluate this anonymously collected data and information statistically and also with the aim of increasing data protection and data security in our company in order ultimately to ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.
Contact via the website
Our website contains a contact form which enables us to make quick electronic contact with our company and to communicate directly with us, which also includes a general address of the so-called electronic mail (e-mail address). If a person concerned contacts us by e-mail or via a contact form, the personal data transmitted by the person concerned will be stored automatically. Such personal data, voluntarily provided by a data subject to the controller, will be stored for the purpose of processing or contacting the data subject. This personal data is not passed on to third parties.
Use of Newsletters
If you subscribe to our newsletter, you agree to the receipt and the following methods of sending the newsletter by consent.
We send e-mails with promotional contents (hereinafter “newsletter”) only with the consent of the recipient, which he has given by recorded consent or a legal permission. Insofar as the contents of a newsletter are concretely described, they are authoritative for the consent of the users. Incidentally, our newsletter contains information about our services and us.
Registration for our newsletter is done in a double opt-in procedure. This means you will receive an email after logging in to ask for confirmation of your registration. This confirmation is necessary so that nobody can register with external e-mail addresses. The registration for the newsletter will be logged in order to prove the registration process according to the legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider will be logged. Credentials:
To subscribe to the newsletter, it is sufficient to provide your e-mail address. Optionally, we ask you to give a name in the newsletter for personal address.
The dispatch of the newsletter and the related performance measurement is based on a consent of the recipient acc. Art. 6 para. 1 lit. a), Art. 7 GDPR i.V.m. § 7 (2) Nr. 3 UWG or on the basis of the legal permission acc. § 7 (3) UWG.
The logging of the registration process is based on our legitimate interests in accordance with. Art. 6 para. 1 lit. f) GDPR. Our interest lies in the use of a user-friendly and secure newsletter system, which serves our business interests as well as meeting the expectations of users and allows us to provide proof of consent.
You may withdraw your consent to receive our newsletter at any time in writing, by phone or by e-mail. You will find the link to unsubscribe from the newsletter at the end of each newsletter. We may save the submitted email addresses for up to four years based on our legitimate interests before we delete them to provide prior consent. The processing of this data is limited to the purpose of a possible defense against claims. An individual request for cancellation is possible at any time, provided that at the same time the former existence of a consent is confirmed.
On our website, we use the SSL encryption to protect your transmitted data (example.g., via the contact form) in the best possible way against unauthorized third-party access. Such a secure connection can be identified by the prefix “https: //” in the URL of your address line, e.g.:
For unencrypted, the prefix looks like this: “http: //”
Deletion and blocking of personal data
We only store your personal data for as long as it is necessary for the purpose of storage or insofar as this has been provided for by the European Directive and Regulation Giver or another legislator in laws or regulations to which we are subject.
If the storage purpose no longer applies or if a storage period prescribed by the European Directive and Regulation Giver or another competent legislator expires, your personal data will be blocked or deleted in accordance with the statutory provisions.
Rights of the Data Subject
a) Right to Information
You have the right, granted by the European directive and regulatory authority, to obtain free information from us at any time as to whether we store personal data about you.
If so, you have the right to the following information:
The processing purposes, the categories of personal data being processed, the recipients or categories of recipients to whom the personal data are or will be disclosed, in particular to recipients in third countries or international organizations, if possible, the planned duration for which personal data is stored or, if this is not possible, the criteria for determining that duration, the right of rectification or erasure of the personal data concerning them or restriction of processing or a right of objection to such processing processing the existence of a right of appeal to a supervisory authority, , if the personal data is not collected from the data subject: All available information on the origin of the data the existence of a right to appeal to a supervisory authority an automated decision making including profiling in accordance with Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.
If you would like to assert your right to information, you can contact one of our employees at any time.
b) Right to Rectification
Any person affected by the processing of personal data you have the right granted by the European directive and regulatory authority to demand the immediate correction of incorrect personal data concerning you. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.
If you would like to exercise your right to rectification, you can contact one of our employees at any time.
c) Right of Deletion (right to be forgotten)
You have the right, granted by the European directive and regulatory authority, to require us to delete your personal data immediately, if one of the following reasons applies and if processing is not necessary:
- If one of the above reasons applies and you wish to have your personal data stored by us deleted, you may contact one of our employees at any time.
- If we have made the personal data public and our company as the responsible party is obliged to delete the personal data in accordance with Art. 17 para. 1 DS-GMO, we will take appropriate measures to inform other responsible parties (e.g. contractors) who process your published personal data that you have requested that these other responsible parties delete your personal data, copies or thereof, taking into account the available technical possibilities and the implementation costs. This happens, as far as the processing is not necessary due to other legal regulations. Your personal data has been collected or otherwise processed, for such purposes for which they are no longer necessary.
- You withdraw your consent on which the processing was based pursuant to Article 6(1)(a) DS GMOs or Article 9(2)(a) DS GMOs, and there is no other legal basis for the processing. You oppose processing pursuant to Article 21(1) DS-GMO and there are no overriding legitimate grounds for processing or the data subject opposes processing pursuant to Article 21(2) DS-GMO. Your personal data has been processed unlawfully.
- The deletion of your personal data is necessary, to fulfill a legal obligation under Union law or the law of the Member State to which we as the data controller are subject.
- The personal data was collected in relation to information society services offered in accordance with Art. 8 para. 1 DS-BER.
You have filed an objection against the processing pursuant to Art. 21 para. 1 DS-GMO and it is not yet clear whether the legitimate reasons of us as the responsible party outweigh those of you as the data subject. If you would like to exercise your right to restrict processing, you can contact one of our employees at any time.
d) Right to Limitation of Processing
You have the right, granted by the European regulator, to require us to restrict processing if one of the following conditions is met: One of the above conditions applies and you require the restriction of personal data stored by us.
- One of the above conditions applies and you require the restriction of personal data stored by us.
- The accuracy of your personal data is disputed by you, for a period of time that enables us, as the data controller, to verify the accuracy of the personal data.
- The processing is unlawful, you refuse to delete your personal data and instead demand a restriction on the use of your personal data.
- We no longer need the personal data for the purpose of processing, but you do need your personal data to assert, exercise or defend legal claims and, want to prevent e.g. deletion.
- You have filed an objection against the processing pursuant to Art. 21 para. 1 DS-GMO and it is not yet clear whether the legitimate reasons of us as the responsible party outweigh those of you as the data subject.
If you would like to exercise your right to restrict processing, you can always contact one of our employees.
e) Right to Data Portability
You have the right granted by the European Directive and regulatory authority to receive the personal data relating to you provided to us in a structured, common and machine-readable format.
You also have the right to transmit this data to another person responsible without hindrance by us, if the processing is based on the consent pursuant to Article 6 paragraph 1 letter a GDPR or Article 9 paragraph 2 letter a GDPR or Article 6 (1) (b) of the GDPR and processing by means of automated procedures, unless the processing is necessary for the performance of a task in the public interest or in the exercise of official authority was transferred.
Furthermore, you have the right under Article 20 paragraph 1 GDPR on data portability and may require that your personal data without hindrance or disadvantages transmitted directly from us to another person responsible, if this is technically feasible and if not the rights and other people’s freedom are affected.
If you would like to assert your right to data transfer, you can contact one of our employees at any time.
To exercise your right of objection, you can contact one of our employees directly. You are also free to exercise your right of opposition in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
f) Right of Objection
You have the right conferred by the European legislator of directives and regulations to object at any time, for reasons arising from your particular situation, to the processing of personal data, concerning you under Art. 6 para. 1 lit.e) or f) GDPR,. This also applies to profiling based on these provisions.
We will no longer process your personal data in the event of an objection, unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to the profiling, insofar, as it is connected with such direct advertising. If you object to our processing for direct advertising purposes, we will no longer process your personal data for these purposes.
Furthermore, for reasons arising from your particular situation, you have the right, to object to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 (1) GDPR unless such processing is necessary to fulfill a task in the public interest.
You are also free to exercise your right of opposition in connection with the use of Information Society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
g) Right to Revoke Consent under Data Protection
You have the right, granted by the European directives and regulations Giver, to revoke consent to the processing of your personal data at any time.
If you would like to exercise your right to revoke your consent, you can contact one of our employees at any time.
You have the right granted by the European legislator of directives and regulations to lodge a complaint with a supervisory authority, without prejudice to any other administrative or judicial remedy, in particular in the Member State where you are staying, working or suspected of having infringed this Regulation, if you consider that the processing of personal data concerning you is contrary to it.
h) Right of appeal to the competent supervisory authority
You have the right granted by the European legislator of directives and regulations to lodge a complaint with a supervisory authority without prejudice to any other administrative or judicial remedy, in particular in the Member State where you are staying, working or suspected of having infringed this if you consider that the Processing of personal data concerning you is contrary to it.
Integration of Google Fonts
On our website we include the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
The opt-out option can be found here: https://adssettings.google.com/authenticated.
Integration of Youtube
On our website we integrate the videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
The opt-out option can be found here: https://adssettings.google.com/authenticated.
Integration of Facebook
You can also find us on Facebook. For this purpose we have linked our Facebook profile on our website. The Facebook plugin was not used, so that no data is transferred from our website to Facebook, when the Facebook link is called.
Integration of XING
We are also represented on XING. For this purpose, the XING “share button” was integrated on our website. When you access this website, the Internet browser you use connects to the servers of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany. This provides the share functions (e.g., displaying the meter value). Your personal data will not be stored when you access this website. XING also does not store IP addresses or evaluate your usage behavior.
The current information on data protection with regard to the “Share-Button” and other relevant information can be found at:
Legal Basis of Processing
Art. 6 I lit. a) serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to whose contracting party you are a party, as is the case for example with processing procedures which are necessary for the provision of our service or consideration, the processing is based on Art. 6 I lit. b) GDPR. The same applies to processing processes, that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, for example for the fulfilment of tax obligations, the processing is governed by Art. 6 I lit. c) GDPR.
In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would had to be passed on to a doctor, a hospital or other third parties. Then the processing would be based on Art. 6 I lit. d) GDPR.
Ultimately, processing operations could be based on Art. 6 I lit. f) GDPR Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis, if processing is necessary to safeguard the legitimate interest of our company or a third party, provided that your interests, fundamental rights and fundamental freedoms do not prevail. Such processing procedures are permitted to us in particular because they have been specifically mentioned by the European legislator. In this respect, he was of the option, that a legitimate interest could be assumed if you as the person concerned are our (see also recital 47 sentence 2 GDPR).
Authorized interests in the processing that are being pursued by us or a third party
Based on Article 6 I (f) of the GDPR, it is in our legitimate interest to conduct our business for the benefit of all our employees and our shareholders.
Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective legal retention period. Two common regulations are listed below as examples:
- 6 years in accordance with § 257 Abs. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.)
- 10 years in accordance with § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.)
After expiry of this period, the corresponding data will be routinely deleted, unless they are no longer required for contract performance or contract initiation.
Legal or contractual provisions for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of non-provision
We clarify that the provision of personal data may be partly required by law (for example, by tax regulations) or may result from contractual arrangements (such as details of the contractor).
Sometimes it may be necessary to conclude a contract that you as the data subject provide us with data as the responsible party, which must subsequently be processed by us. For example, you are required to provide us with personal information when our company concludes a contract with you. Failure to provide your personal information would mean that the contract could not be concluded with you.
Before you provide us with personal information, you must contact one of our employees. Our employee will clarify to you on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data, and what would be the consequence of the non-provision of the personal data.