Data protection declaration for the website www.westermanngruppe.de
Thank you for visiting our website and for your interest in our company. We take
the protection of your personal data very seriously. We process your data in accordance with the legal regulations applicable for the protection of personal data, in particular the EU General Data Protection Act (GDPR) and national regulations. With the help of this Data Protection Declaration, we can inform you in detail about how your personal data is processed by Westermann GmbH & Co. KG and the rights to which you are entitled.
Personal data is any information that can be used to identify a natural person. This may include surname, date of birth, address, telephone number, email address and your IP address.
Data shall be considered anonymous if no personal reference to the user can be derived therefrom.
Responsible entity and Data Protection Officer
Westermann GmbH & Co.KG
38104 Braunschweig, Germany
T. +49 531 708 0
F. +49 531 708 127
Data protection officer contact: email@example.com.
Your rights as an affected person
Here, we would like to inform you of your rights as an affected person. These rights are standardised in Article 15-22 of the EU-GDPR. This encompasses:
- Right to information (Article 15 of the EU-GDPR),
- The right to deletion (Article 17 of the EU-GDPR),
- The right to rectification (Article 16 of the EU-GDPR),
- Right of data portability (Article 20 of the EU-GDPR),
- The right to restriction of processing (Article 18 of the EU-GDPR),
- The right to object to data processing (Article 21 of the EU-GDPR).
In order to exercise these rights please contact: Email: firstname.lastname@example.org, Telephone: +49 531 708 0 Post: Westermann GmbH & Co. KG, Georg-Westermann-Allee 66, 38104 Braunschweig, Germany.
The same applies should you have any questions regarding data processing at our company. You have the right to appeal at a data protection authority.
Right to object to data processing
Please note the following with regards to the right to object to data processing:
If we process your data for the purpose of direct advertising, you have the right to object to the processing of this data at any time without providing reasons. This also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for these purposes. This objection is free of charge and can take place in any format, ideally via:
Email: email@example.com, Telephone: +49 531 708 860 Post: Westermann GmbH & Co. KG, Georg-Westermann-Allee 66, 38104 Braunschweig, Germany.
In the event that we process your data to safeguard justified interests, you may object to the processing of this data which arises as a result of your particular situation at any time; this also applies to profiling based on these clauses.
We shall no longer process your personal data unless we can establish compelling legitimate grounds for processing it that outweigh your interests, rights and freedoms, or processing it for purposes of asserting, exercising or defending against legal claims.
Purpose and legal bases of data processing
Your personal data is processed according to the EU-GDPR and all other applicable data protection regulations. The legal bases for processing data are formed in particular from Article 6 of the EU-GDPR.
We use your data to process contact enquiries, to initiate business transactions and to fulfil contractual and legal obligations. Your consent acts as permission with regards to data protection law. We hereby inform you about the purposes of data processing and your right to object to data processing. Should the consent also extend to the processing of particular categories of personal data, we will notify you expressly of this in the consent, Article 88 para. 1 of the EU-GDPR.
Processing of particular categories of personal data in the sense of Article 9 para. 1 of the EU-GDPR shall only apply if this is legally required and there is no reason to believe that your legitimate interests shall be affected as a result, Article 88 para. 1 of the EU-GDPR.
Dissemination of data to third parties
We shall only pass on your data to third parties within the scope of legal provisions or corresponding consent. Otherwise, this shall not be transferred to third parties unless we are obliged to as a result of a legal requirement (transfer to external authorities such as supervisory authorities or law enforcement authorities).
Recipients of data / Categories of recipients
At our company, we ensure that only those persons who require your data to fulfil our contractual and legal obligations shall gain access (to it).
In many cases, service providers assist our specialist departments with the fulfilment of their tasks. All service providers are required to conform to the necessary data protection guidelines.
Third country transfer / Third country intent to transfer
Transfer of data to third countries (outside of the European Union or European Economic Area) shall only take place if we are contractually or legally obliged to do so, or you have given your consent.
Storage duration of data
We store your data as long as is required to process your order. Please note that various retention periods demand that data is stored after this time. This particularly concerns commercial law or fiscal regulations (e.g. commercial code, fiscal law, etc.). If no additional retention periods are required, the data will be routinely deleted after fulfilling its purpose. This means that we may store data if you have consented to this or if legal regulations require us to do so and we use statutory limitation periods which may last up to thirty years; the regular limitation period is three years.
Secure transmission of your data
In order to protect your data against accidental or wilful manipulation, loss, destruction or access by unauthorised persons, we use technical and organisational security measures. The security level is continuously reviewed in collaboration with security experts and adapted to meet new security standards.
We offer users content encryption when using our contact forms. Decryption of this data is only possible by us. There is also the option of using alternative communication channels (e.g. post).
Categories, sources and origin of data
The data we process depends on the context: This may depend on whether you place an order online, submit an enquiry using our contact form or send us an application or complaint.
Please note that we store information in appropriate places depending on the processing situation, e.g. when uploading application documents or a contact enquiry.
We collect and process the following data when visiting our website:
- Name of the internet service provider
- Details about the websites from which you visit us
- Web browser and operating system used
- The IP address issued by your internet service provider
- Requested files
- The amount of data transmitted, downloads/file export
- Details about the websites visited through our site including date and time
For technical security reasons (in particular to defend against hacking attempts on our web server), this data is stored pursuant to Article 6 para. 1 lit. F EU-GDPR. After no more than 7 days, anonymisation takes place by shortening the IP address so that no reference to the user can be found.
We collect and process the following data upon receipt of a contact enquiry:
- Surname, first name
- Contact information
- Details of the enquiry and interests
Contact form / Contacting by email (Article 6 para. 1 lit. a) of the EU-GDPR)
A contact form is provided on our website which can also be used to establish contact with us electronically. If you write to us using the contact form, we process the details provided in the contact form for the purpose of establishing contact and responding to your enquiry.
In accordance with the principles of data processing, we ensure you only need to provide the data necessary to establish contact with you. This includes your email address and message itself. Your IP address is processed for technical and legal reasons. All other data are voluntary fields and can be optionally provided (e.g. for a more personal response to your enquiry).
If you contact us by email, we will only process the personal data provided for the purpose of handling your enquiry. If you do not use the contact form provided, no further data collection will take place.
Automated case-by-case decision
We do not use any automated processing methods to make a decision.
Cookies (Article 6 para. 1 lit. f) of the EU-GDPR / Article 6 para. 1 lit. a of the EU-GDPR upon consent)
Our website uses so-called cookies in several places. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard drive).
These cookies allow us to analyse how users use our website. This allows us to tailor our website content to user requirements. Cookies also allow us to measure the effectiveness of a particular advert and place them based on user interests.
Most of the cookies we use are known as “session-cookies”. These are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer once their expiry period has been reached (usually six months) or if you delete them yourself prior to this date. Most internet browsers accept cookies automatically. You can usually change your browser settings if you prefer not to give out such information. You can use our website services without any limitations (excluding: configurators).
Please note: If you disable cookies from being placed in the internet browser used, then, under certain circumstances, not all the functions of our website will be fully usable.
Social plugins by social networks
We do not use social plugins.
Online offers for children
Persons under 16 years of age should not send us personal data without the consent of their parents or legal guardians. We encourage parents and guardians to actively participate in the online activities and interests of their children.
Links to other providers
Our website clearly displays links to other websites. We have no influence over the content of other websites to which we provide a link. For this reason, we cannot accept liability for such third-party content. The respective provider or operator of such sites is always responsible for the content of linked sites.
The linked sites were checked at the time of linking for possible legal violations or clearly identifiable infringements. Illegal content was not evident at that time. A permanent inspection of linked sites is not reasonable without concrete evidence of an infringement of the law. On becoming aware of legal violations, we will remove such links immediately.
- Social Media -
Westermann GmbH & Co. KG maintains various appearances in "social media". As far as we have the control over the processing of your data, we ensure that the applicable data protection regulations are followed.
Name and adress of the responsible body
In addition to Westermann GmbH & Co. KG, responsible for corporate appearances within the meaning of the EU General Data Protection Regulation (GDPR) and other data protection regulations are:
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
- Instagram (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
- Youtube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Irland)
- Xing (Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany)
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland)
- Twitter (Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
- TikTok (TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Irland)
However, you use these platforms and their functions (e.g. commenting, sharing, rating) on your own responsibility.
We further point out that when you use these platforms, your data may be processed outside the European Union. As a result of being certified under the EU-US Privacy Shield, US providers guarantee that EU data protection standards will be respected, including when data is processed in the United States.
Purposes and legal bases of data processing
We maintain the fan pages in order to communicate with the visitors of these pages and to inform them about our services. In addition, we collect data for statistical purposes in order to develop and optimize the content and to make our offer more attractive. The required data (e.g. total page views, page activity and visitor-provided data, interactions) is processed and made available by the social networks. We do not have any influence on the generation and presentation.
In addition your personal data will be processed by the providers of social media, but also by die Westermann GmbH & Co. KG [if applicable], for marketing research and advertising purposes. For example, user profiles may be generated on the basis of your usage behaviour and associated interests. This makes it possible to activate ads both within and outside these platforms that presumably correspond to your interests. As a general rule, cookies are stored on your device for this purpose. Regardless of this, the usage profiles may also be used to store data that is not collected directly from your device. The storage and analysis also takes place across all devices, this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.
The processing of your personal data by Westermann GmbH & Co. KG is based on our legitimate interests in effectively informing and communicating in accordance with Art. 6 para. 1 sentence 1 lit. f. GDPR.
If you are asked to consent to data processing (if you declare your consent by confirming a button or similiar /opt-in), the legal basis of the processing is Art. 6 para. 1 sentence 1 lit. a, Art. 7 GDPR.
Your rights / Right to object
If you are member of a social network and do not want the network to collect information about you via our website and link it to your stored membership data on the respective network, you must
• log-out of the respective network before visiting our fan page,
• delete the existing cookies on your device and
• Close and reopen your browser.
The next time you log in, however, you will be recognized by the network again as a specific user. For a detailed description of the respective processing and the right of objection (opt-out), we refer to the following linked data:
Opt-Out (https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com)
Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active)
Opt-Out (http://www.networkadvertising.org/managing/opt_out.asp and http://www.youronlinechoices.com)
Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active)
Opt-Out (https://tools.google.com/dlpage/gaoptout?hl=de and http://www.youronlinechoices.com)
Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active)
Opt-Out (https://www.linkedin.com/legal/cookie-policy and http://www.youronlinechoices.com)
Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0)
Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active)
For our online content we use the services of Sprout Social. The provider is Sprout Social Inc., 131 Dearborn St. Floor 7, Chicago, IL 60603, USA. The functions provided by Sprout Social enable us to evaluate social media activity. This is a client management tool which collects and presents messages and posts to our social media sites in a clear and efficient way, allowing us to analyse and respond to said messages and posts quickly. The legal basis for this is our legitimate interest according to art. 6 para. 1 lit. f) DSVGO. Only data which you have sent to our social media site through messages or posts, and which are directly visible to us on our social media site, will be collected. Further information can be found in the data protection clauses of Sprout Social: https://sproutsocial.com/de/privacy-policy/. Sprout Social is committed to compliance with the data protection principles set out in EU legislation (https://www.privacyshield.gov/participant?id=a2zt0000000TOR6AAO&status=Active). In addition, we have concluded a so-called ‘Data Processing Agreement’ with Sprout Social, in which Sprout Social commits to protecting customer data and not passing it on to third parties.
In total, you have the following rights with regard to the processing of your personal data: right of access, right to rectification, right to data portability, right to object to data processing, right to erasure, right to restriction of data processing. You are also entitled to lodge complaints with a supervisory authority for data protection. However, Westermann GmbH & Co. KG does not have complete access to your personal data, you should contact the social media providers directly for asserting your rights because they have access to their users personal data and can take appropriate actions and provide information.
Should you still need help, we will of course try to support you. Please contact us at datenschutzbeauftragter(at)westermanngruppe.de
Notes copyright and art copyright law
If you want to publish images, texts, plans, videos, music, etc. on our website, please note that you may be able to assign all rights of use to the network, which could ultimately have legal consequences if you are not the author or right holders.