/Privacy Policy
Privacy Policy 2018-05-23T22:04:01+00:00

Privacy Policy GDPR

The Welte GmbH in Freiburg attaches great importance to compliance with data protection regulations. A use of our internet pages is basically possible without any indication of personal data. However, if you wish to use special services via our website, it may be necessary to process personal data. If the processing of personal data is required and there is no legal basis for such processing, we will seek your consent.

The processing of your personal data, such as your name, address, e-mail address or telephone number, is always carried out in accordance with the General Data Protection Regulation and the Federal Data Protection Act, as well as in accordance with our country-specific data protection regulations. By means of this Privacy Policy we would like to inform you about the nature, extent and purpose of the personal data collected, used and processed by us.

Furthermore, you will be informed about your rights by means of this privacy policy.

As the responsible body, we have implemented numerous technical and organizational measures to ensure the most complete protection possible for personal data processed via this website. Nevertheless, Internet-based data transmissions (e-mail, for example) can generally have security holes, so that absolute protection can not be guaranteed. For this reason, you are at any time free to transmit personal data to us in alternative ways, for example by telephone or by post.

Definitions

Our privacy policy is based on the terminology used by the European Regulatory Authority when issuing the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. In order to ensure this, we list in advance the definitions used in accordance with the wording of Art. 4 GDPR:

a)    Personal Data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject” or direct address such as “you”). A natural person is considered to be identifiable who, directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, expresses the physical, physiological, genetic, mental, economic, cultural or social identity of this natural person can be identified.

b)    Affected Person 

Affected person is any identified or identifiable natural person whose personal data is processed by the controller.

c)    Processing

Processing means any process or series of operations related to personal data, such as collecting, collecting, organizing, storing, adapting or modifying, reading, querying, using, with or without the aid of automated procedures; disclosure by submission, dissemination or other form of provision, reconciliation or association, restriction, erasure or destruction.

d)    Restriction of processing

Restriction of the processing is the marking of stored personal data with the aim to limit their future processing.

e)    Pseudonymization

Pseudonymisation is the processing of personal data in such a way that personal data can no longer be attributed to a specific data subject without the need for additional information, provided that such additional information is kept separate and subject to technical and organizational measures to ensure that the personal data not assigned to an identified or identifiable natural person.

f)    Responsible Body

The responsible body or controller is the natural or legal person, public authority or body that, alone or in concert with others, decides on the purposes and means of processing personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for his designation may be provided for under Union or national law.

g)    Processors

The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller.

h)    Receiver

Recipient is a natural or legal person, agency or other entity to whom Personal Data is disclosed, whether or not it is a third party. However, authorities which may receive personal data under Union or national law in connection with a particular mission are not considered as beneficiaries.

i)    Third Person

Third is a natural or legal person, public authority or body other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or the processor to process the personal data.

j)    Consent

Consent is any voluntarily given and unambiguously expressed consent in the form of a statement or other unambiguous confirmatory act on a voluntary basis by the data subject for the particular case, by which the data subject indicates that they are involved in the processing of the person concerned personal data.

Name and address of the controller:

The responsible body within the meaning of the General Data Protection Regulation, other data protection laws in the Member States of the European Union and other provisions with data protection character is:

Welte GmbH
Am Schloss 4
79117 Freiburg
Tel.: 0761-696860
E-Mail: info@weltenet.de

Data Protection Officer:

Welte GmbH has appointed an external data protection officer:

Sebastian Koye
Datenschutzklinik
Urbanstr. 7
79104 Freiburg
Tel.: 0761-59519814
E-Mail: datenschutz@datenschutzklinik.de

Cookies

We use cookies on our website. These are small text files stored on your computer system via an internet browser (e.g., Firefox, Chrome, Safari, Edge, Internet Explorer, Opera).

Many websites and servers use cookies. Many cookies contain a cookie ID. This is a unique identifier of the cookie and consists of a string through which Internet pages and servers can be assigned to the specific Internet browser of the user in which the cookie was stored. This allows visited websites and servers to distinguish the individual’s browser from other internet browsers that contain other cookies. A particular web browser can be recognized and identified by the unique cookie ID.

By using cookies, we can provide users of this website with more user-friendly services that would not be possible without cookies. Almost without exception, we use session cookies, which are automatically deleted after the visit ends when the browser is closed.

You can prevent the setting of cookies through our website at any time by means of a corresponding setting of the Internet browser used and thus permanently contradict the setting of cookies. Furthermore, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If you deactivate the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

Collection of general data and information via the website

When you visit our website, our system collects a series of general data and information. This general data and information is stored in the log files of the server. The (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the internet page from which an accessing system accesses our website (so-called referrers), (4) the sub-web pages which can be accessed via (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information used in the event of attacks on our information technology systems.

When using this general data and information, we draw no conclusions about you as the person concerned. Rather, this information is required to (1) correctly deliver the contents of our website, (2) to optimize the content of our website and to advertise it, (3) to ensure the continued functioning of our information technology systems and the technology of our website, and ( 4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyberattack. This anonymously collected data and information is therefore statistically and further evaluated by us with the aim of increasing the privacy and data security in our company in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.

Contact via the website

Our website contains a contact form which allows us to contact our company quickly and communicate directly with us, which also includes a general address of the so-called electronic mail (e-mail address). If an affected person contacts us via e-mail or via a contact form, the personal data transmitted by the person concerned will be automatically saved. Such personal data, voluntarily transmitted by an individual to the controller, is stored for the purpose of processing or contacting the data subject. There is no disclosure of this personal data to third parties.

SSL Encryption

On our website, we use the SSL encryption to protect your transmitted data (for example, via the contact form) in the best possible way against unauthorized third-party access. Such a secure connection can be recognized by the prefix “https: //” in the URL of your address line, for example:

https://www.weltenet.de/

For unencrypted, the prefix looks like this: “http: //”


Deletion and blocking of personal data

We only store your personal data for as long as it is necessary for the purpose of storage or if this has been provided for in the laws or regulations to which we are subject by the European directive and regulatory body or another legislator.

If the purpose of the storage is omitted or if a storage period prescribed by the European directives and regulations or any other relevant legislator expires, your personal data will be blocked or deleted in accordance with the statutory provisions.

Rights of the person concerned

a)    Right to Information

You have the right, granted by the European directive and regulatory authority, to obtain free information from us at any time as to whether we store personal data about you.

If this is the case, you have the right to the following information:

The processing purposes, the categories of personal data being processed, the recipients or categories of recipients to whom the personal data are or will be disclosed, in particular for beneficiaries in third countries or international organizations, if possible, the planned duration for which personal data is stored or, if this is not possible, the criteria for determining that duration, the right of rectification or deletion of the personal data concerning them or restriction of our processing or right to object to such processing with a supervisory authority, if the personal data are not collected from the data subject: All available information about the origin of the data the existence of an automated decision making including profiling acc Article 22 (1) and (4) of the GDPR and – at least in these cases – meaningful information on the logic involved and the scope and intended impact of such processing on the data subject.

If you would like to assert your right to information, you can contact one of our employees at any time.

b)    Right to Rectification

Any person affected by the processing of personal data you have the right granted by the European directive and regulatory authority to demand the immediate correction of incorrect personal data concerning you. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

If you would like to exercise your right to rectification, you can contact one of our employees at any time.

c)    Right to Cancellation (right to be forgotten)

You have the right, granted by the European directive and regulatory authority, to require us to delete your personal data without delay if one of the following causes is true and processing is not required:

  • If any of the above reasons are correct and you wish to arrange for the deletion of personal data stored by us, you may contact one of our employees at any time.
  • If the personal data have been made public by us and our company as a responsible body under Article 17 paragraph 1 DS-GVO is obliged to delete the personal data, we take appropriate measures, taking into account the available technical possibilities and the implementation costs, to inform other controllers (eg processors) who process your published personal data that you have requested the deletion of your personal data, copies or thereof from these other controllers. This is done as far as the processing is not required by other legal provisions.
  • Your personal data has been collected for such purposes or otherwise processed for which they are no longer necessary.
  • They revoke their consent, on which the processing was based in accordance with Article 6 (1) (a) of the GDPR or Article 9 (2) (a) of the GDPR, and there is no other legal basis for the processing.
  • In accordance with Article 21 (1) of the GDPR, they object to the processing and there are no high-level legitimate grounds for the processing or the data subject objects to the processing in accordance with Article 21 (2) of the GDPR on.
  • Your personal data has been processed unlawfully.
  • The deletion of your personal data is required to fulfill a legal obligation under EU or national law, to which we as the responsible body are subject.
  • The personal data were collected in relation to information society services offered pursuant to Art. 8 para. 1 DS-BER.

If you would like to assert your right to cancellation, you can contact one of our employees at any time.

d)    Right to Restriction of Processing

You have the right, granted by the European directive and regulatory authority, to require us to restrict processing if any of the following conditions apply:

  • One of the above conditions applies and you require the restriction of personal data stored by us.
  • The accuracy of your personal data is contested by you, for a period of time that enables us, as the responsible authority, to verify the accuracy of your personal data.
  • The processing is unlawful, you refuse the deletion of your personal data and instead require the restriction of the use of your personal data.
  • We no longer need your personal information for processing purposes, but you need your personal information to assert, exercise or defend your rights and, for example, prevent a deletion.
  • You have objection to the processing acc. Art. 21 para. 1 DS-GVO and it is not yet clear whether the legitimate reasons of us as the responsible body outweigh those of you as the data subject.

If you wish to exercise your right to restrict processing, you can always contact one of our employees.

e)    Right to Data Portability

You have the right granted by the European Directive and regulatory body to obtain the personal data relating to you that you have provided to us in a structured, common and machine-readable format.

You also have the right to transmit this data to another person responsible without hindrance by us, if the processing is based on the consent pursuant to Article 6 paragraph 1 letter a DS-GVO or Article 9 paragraph 2 letter a DS-GVO or Article 6 (1) (b) of the GDPR and processing by means of automated procedures, unless the processing is necessary for the performance of a task in the public interest or in the exercise of official authority was transferred.

Furthermore, you have the right under Article 20 paragraph 1 DS-GVO on data portability and may require that your personal data without hindrance or disadvantages transmitted directly from us to another person responsible, if this is technically feasible and if the rights and other people’s freedom are not affected.

If you would like to assert your right to data transfer, you can contact one of our employees at any time.

f)    Right to Contradict

You have the right conferred by the European directive and regulatory authority at any time, for reasons that arise from your particular situation, against the processing of your personal data, which pursuant to Art. 6 para. 1 lit. e) or f) GDPR, objection is lodged. This also applies to profiling based on these provisions.

We will no longer process your personal data in the event of an objection, unless we can demonstrate compelling legitimate reasons for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of asserting, exercising or defending legal claims.

If we process personal data in order to operate direct mail, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to the profiling, as far as it is associated with such direct mail. If you object to our processing for direct marketing purposes, we will no longer process your personal data for these purposes.

You also have the right, for reasons that arise from your particular situation, to object to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89 (1) GDPR unless such processing is necessary to fulfill a public interest task.

To exercise the right to object, you can contact one of our employees directly. In addition, in the context of the use of information society services, regardless of Directive 2002/58/EC, you are free to exercise your right to object through automated procedures that use technical specifications.

g)    Right to Revoke a Data Protection Consent

You have the right, granted by the European directives and regulations, to revoke your consent to the processing of your personal data at any time.

If you would like to assert your right to revoke your consent, you can contact one of our employees at any time.

h)    Right to Complain to the Controlling Authority

You have the right conferred by the European directive and regulatory authority to lodge a complaint with a supervisory authority without prejudice to any other administrative or judicial remedy, in particular in the Member State of its residence, employment or the place of the alleged breach, if you consider that the Processing of your personal data in breach of this Regulation.

Integration of Google Fonts

On our website we embed the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

The Google Fonts privacy policy can be found at the following link: https://www.google.com/policies/privacy/

The opt-out option can be found here: https://adssettings.google.com/authenticated.

Integration of Youtube

On our website we embed the videos of the platform “YouTube” of the provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

The privacy policy for the Youtube platform can be found at the following link: https://www.google.com/policies/privacy/

The opt-out option can be found here: https://adssettings.google.com/authenticated.

Integration of Facebook

You can also find us on Facebook. For this we have linked our Facebook profile on our website. The Facebook plugin was not used, so that when you call up the Facebook link, no data is transmitted from our website to Facebook.

 Integration of XING

We are also represented on XING. For this purpose, the “share button” of XING was integrated on our website. When you access this website, your internet browser will connect to the servers of XING AG, Gänsemarkt 43, 20354 Hamburg, Germany. This will provide the share functions (e.g., displaying the counter value). Your personal data will not be saved when you access this website. XING also does not store any IP addresses or evaluate your usage behavior.

The current information on data protection regarding the “Share-Button” as well as other relevant information can be found at:

https://www.xing.com/app/share?op=data_protection

Legal Basis of Processing

As a legal basis for processing operations in which we obtain consent for a specific processing purpose, the legal basis is Art. 6 I lit. a). If the processing of personal data is required to fulfill a contract of which you are a party, as is the case, for example, in processing operations necessary for the provision of our service or consideration, the processing is based on Art. 6 I lit. b) GDPR.

The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of inquiries regarding our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as the fulfillment of tax obligations, the processing according to Art. 6 I lit. c) GDPR.

In rare cases, the processing of personal data may be required to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his or her name, age, health insurance or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d) GDPR.

Ultimately, processing operations could be based on Art. 6 I lit. f) GDPR are based. On this legal basis, processing operations that are not covered by any of the above legal bases are required if processing is necessary to safeguard the legitimate interests of our company or a third party, unless your interests, fundamental rights and fundamental freedoms prevail. Such processing operations are particularly allowed to us because they have been specifically mentioned by the European legislator. In this regard, he took the view that a legitimate interest could be assumed if you are our customer as the data subject (see also recital 47 sentence 2 GDPR).

Authorized interests in the processing that are being pursued by us or a third party

Is the processing of personal data based on Article 6 I lit. f) GDPR is our legitimate interest in conducting our business for the benefit of all of our employees and our shareholders.

Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. Below are two common rules listed as examples:

  • 6 years according to § 257 Abs. 1 HGB (trading books, inventories, opening balance sheets, annual accounts, trade letters, accounting documents, etc.)
  • 10 years according to § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.)

After the deadline, the corresponding data will be routinely deleted, if they are no longer required to fulfill the contract or to initiate a contract.

Legal or contractual provisions for the provision of personal data; Necessity for the conclusion of the contract; Obligation of the data subject to provide the personal data; possible consequences of non-provision

We clarify that the provision of personal data may in part be required by law (for example, by tax regulations) or result from contractual arrangements (such as details of the contractor).

Sometimes it may be necessary to conclude a contract that you as the data subject provide us with data as the responsible party, which must subsequently be processed by us. For example, you are required to provide us with personal information when our company concludes a contract with you. Failure to provide your personal information would mean that the contract could not be concluded with you.

Before you provide us with personal information, you must contact one of our employees. Our employee will clarify to you on a case-by-case basis whether the provision of the personal data is required by law or contract or is required for the conclusion of the contract, whether there is an obligation to provide the personal data, and what would be the consequence of the non-provision of the personal data.