Data protection information

Part A: Data protection notice of WifOR GmbH for the websites https://www.wifor.com and https://impact.wifor.com

The Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

WifOR GmbH

Rheinstraße 22
64283 Darmstadt
Phone: +49 6151 50155-0
Telefax: +49 6151 50155-29
Website: www.wifor.com
E-Mail: kontakt@wifor.com

2 Name and address of the data protection officer

The data protection officer of the controller is:

WifOR GmbH
Benno Legler
Joseph-Haydn-Straße 1
10557 Berlin
Benno Legler
Phone: +49 151 / 467 203 25
E-Mail: benno.legler@wifor.com

Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

3 Definitions

The data protection notice of WifOR GmbH is based on the defined terms of the General Data Protection Regulation (GDPR). Our data protection notice should be easy to read and understand. To ensure this, we explain the terms used in advance:

3.1 Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

3.2 Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the Controller.

3.3 Processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3.4 Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

3.5 Profiling

Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

3.6 Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organisational security measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

3.7 Controller

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

3.8 Data processor

Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.

3.9 Recipient

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

3.10 Third party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the Controller, the Processor and the persons authorized to process the personal data under the direct responsibility of the Controller or the Processor.

3.11 Consent

Consent means any freely given specific and informed indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

4 General information on data processing; legal basis, purposes of the processing, period for which personal data will be stored, objection and possibility of elimination

4.1 General information on the legal basis

Insofar as we obtain the consent of the data subject for processing operations involving personal data, Art. 6 Par. 1 lit. a EU Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 Par. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 Par. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 Par. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 Par. 1 lit. f GDPR serves as the legal basis for the processing.

4.2 General indication on data erasure and storage duration

The personal data of the data subject will be deleted or blocked as soon as the purpose of the storage no longer applies. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the Controller is subject. Blocking or erasure of the data will also take place if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.

4.3 General information on processing on our website

Data privacy, data security and protection of secrets are high priorities for us. The permanent protection of your personal data, your company data and your company secrets is particularly important to us.

In principle, you can visit our website without providing any personal information. However, if you make use of our company’s services via our website, such as WISIT, the WifOR Sustainability Impact Tool, this makes it necessary to provide your personal data. As a rule, we use the data indicated by you and collected by the website and stored during use exclusively for our own purposes, namely for the implementation and provision of our website and the initiation, implementation and processing of the services/offers offered via the website (contract fulfillment) and do not pass them on to outside third parties unless there is an officially ordered obligation to do so. In all other cases, we obtain your separate consent.

The processing of your personal data is carried out in accordance with the requirements of the General Data Protection Regulation and in compliance with the country-specific data protection provisions applicable to us. By means of this data protection notice, we would like to inform you about the type, scope and purpose of the personal data we process. In addition, we inform you about your rights by means of this data protection notice.

We have implemented technical and organisational security measures to ensure an adequate level of protection for the personal data processed via this website. Nevertheless, Internet-based data transmissions can have security gaps, so that no absolute protection can be guaranteed.

5 Collecting of general data and information

The website of WifOR and the website of our impact sustainability tool WISIT collect a series of general data and information each time a data subject or automated system calls up the website. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

When using these general data and information, WifOR does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the content of our website correctly, (2) to optimize the content of our website and the advertising for it, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack. Therefore, the WifOR analyzes anonymously collected data and information on one hand for statistical purposes and on the other hand for the purpose of increasing the data protection and data security of our enterprise, and ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from any personal data provided by a data subject.

Legal basis

Art. 6 para. 1 lit. f GDPR

(legitimate interest)

Storage purpose

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

Storage duration

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

Objection / opportunity for elimination

No, since mandatory for operation of the website

6 Email contact

On our website, it is possible to contact WifOR employees via the e-mail address provided (in the imprint) or via direct e-mail links. In this case, the user’s personal data transmitted with the e-mail will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for the processing of the conversation.

Legal basis

The legal basis for the processing of data in the case of inquiries via e-mail is

generally Art. 6 Par. 1 lit. b. GDPR (performance of contract; pre-contractual measures);
6 par. 1 lit. c. GDPR (fulfillment of a legal obligation, e.g. answering questions about data protection); and
otherwise Art. 6 par. 1 lit. f GDPR (legitimate interest).

Storage purpose

The processing of personal data from the e-mail serves us solely to process the contact. This is also the necessary legitimate interest in the processing of the data.

Storage duration

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation shall be deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The above does not apply if the correspondence is subject to a retention obligation under commercial law..

Objection / opportunity for elimination

The user has the opportunity to object at any time to the storing of his personal data. In such a case the conversation cannot be continued.

7 Data protection during applications and the application process

We collect and process personal data from applicants for the purposes of processing the application procedure. The processing may also take place electronically. This is particularly the case if an applicant sends us the relevant application documents electronically, for example by e-mail. If we conclude an employment contract with you as an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted no later than 90 days after notification of the rejection decision, provided that no other legitimate interests of the controller oppose erasure. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). he recipient of your personal data in connection with the application process is Personio GmbH, which offers personnel administration and applicant management software (https://www.personio.de/impressum/). We have concluded an order processing agreement with Personio in accordance with Art. 28 GDPR.

Legal basis

The legal basis for the processing of data via e-mail is:

usually Art. 6 para. 1 lit. b. GDPR (fulfillment of employment contract; pre-employment measures);
6 para. 1 lit. c. GDPR (fulfillment of a legal obligation, e.g. answering questions about the application process) and
otherwise Art. 6 para. 1 lit. f GDPR (legitimate interest) as well as special legal authorization norms, such as collective bargaining agreement, company agreement, income tax law, etc. In addition, reference is made to the Personal/HR processing directory.

Storage purpose

If we conclude an employment contract with you as an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

Storage duration

If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after the notification of the rejection decision, unless other legitimate interests of the controller prevent such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Objection / opportunity for elimination

Only general objection and elimination possibility.

8 Cookies

8.1 Description and scope of data processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

Language settings
Items in a shopping cart
Log-in information

We also use cookies on our website that enable an analysis of the user’s surfing behavior.

In this way, the following data can be transmitted:

search terms entered
Frequency of page views
Use of website functions

The user data collected in this way is pseudonymized by technical precautions. Therefore, an assignment of the data to the calling user is no longer possible. The data is not stored together with other personal data of the users.

When accessing our website, users are informed by an information banner about the use of cookies for analysis purposes and referred to this data protection notice. In this context, there is also an indication of how the storage of cookies can be prevented in the browser settings.

You can find out how to disable cookies on major browsers by following the links below:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Chrome Browser: https://support.google.com/accounts/answer/61416?hl=de
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies

When calling up our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of personal data used in this context is obtained. In this context, there is also a reference to this data protection notice.

Legal basis

Art. 6 para. 1 lit. f GDPR (legitimate interests) for technically mandatory cookies

For the rest: Art. 6 para. 1 lit. a GDPR (consent)

Storage purpose

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.

The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer. In these purposes also lies our legitimate interest in the processing of personal data according to Art. 6 para. 1 lit. f GDPR.

Storage duration

Cookies are stored on the user’s computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies.

Objection / opportunity for elimination

By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full. The transmission of Flash cookies cannot be prevented via the settings of the browser, but by changing the setting of the Flash Player.

8.2 Privacy policy on the use and application of BorLabs Cookie

Our website uses the cookie consent technology of Borlabs Cookie to obtain your consent to the storage of certain cookies in your browser and to document this in accordance with data protection law. The provider of this technology is Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg (hereinafter Borlabs).

When you enter our website, a Borlabs cookie is stored in your browser, which stores the consents you have given or the withdrawal of these consents. This data is not shared with the Borlabs cookie provider.

Details on the data processing of Borlabs Cookie can be found at https://de.borlabs.io/kb/welche-daten-speichert-borlabs-cookie/.

Legal basis

Art. 6 para. 1 lit. c GDPR (legal obligation)

Art. 6 para. 1 lit. f GDPR (legitimate interest)

Storage purpose

The purpose of the use of legally required cookies is to be able to legally operate the use of our website. The storage of cookies allows us to document the obtaining or withdrawal of the necessary consents.

By saving your cookie settings, we additionally save you from having to agree to a cookie banner with each new visit to the website. This also improves the quality and user-friendliness of our website. In these purposes also lies our legitimate interest in the processing of personal data according to Art. 6 para. 1 lit. f GDPR.

Storage duration

The collected data will be stored until you request us to delete it or delete the Borlabs cookie yourself, or until the purpose for storing the data no longer applies. Mandatory legal retention periods remain unaffected.

Objection / opportunity for elimination

9 Usage of analysis programs

9.1 Privacy policy on the use and application of Google Analytics (with anonymization function)

General

We have integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, compilation and evaluation of data about the behavior of visitors to websites. A web analysis service collects, among other things, data about which website a data subject came to a website from (so-called referrers), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed.

WifOR GmbH is aware of the transfer of its personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure lawful and secure processing of its personal data.

The operating company of the Google Analytics component is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

Anonymization of the IP address

We use the addition “gat.anonymizeIp” for web analysis via Google Analytics. This is a function for shortening the IP address. Accordingly, your IP address is anonymized before being transferred from a member state or another state party to the Agreement on the European Economic Area to the USA. In exceptional cases, anonymization of the IP address only takes place in the USA.

Order processing

The purpose of the Google Analytics component is to analyze the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. By each call of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically caused by the respective Google Analytics component to transmit data to Google for the purposes of the online analysis. As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and subsequently enable commission calculations.

By means of the cookie, personal information, for example the access time, the location from which an access originated and the frequency of visits to our website by the data subject, is stored. Each time the data subject visits our website, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical procedure to third parties.

We have concluded an order processing agreement with Google in this regard and in doing so observe the legal requirements of the GDPR as well as the requirements of the German data protection authorities regarding the use of Google Analytics.

Objection to the setting of cookies

The data subject can prevent the setting of cookies by our website, as already described above, at any time by means of an appropriate setting of the Internet browser used and thus object permanently to the setting of cookies. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programs.

Objection via browser add-on

Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics and related to the use of this website, as well as to the processing of this data by Google, and to prevent such processing. For this purpose, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on tells Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject’s information technology system is deleted, formatted or reinstalled at a later point in time, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within his or her sphere of control, it is possible to reinstall or reactivate the browser add-on. If the use of Google Analytics is objected to, it is possible that some functions of the website may no longer be fully usable.

Further information

Further information and the applicable Google privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://marketingplatform.google.com/intl/de/about/analytics/.

Legal basis

Art. 6 para. 1 lit. a GDPR (consent)

Storage purpose

A web analysis is mainly used to optimize a website and for cost-benefit analysis of Internet advertising. The purpose of setting third-party cookies is to improve our offer for you by analyzing your user behavior. As a rule, only a pseudonymized data transfer to the third parties takes place. Incidentally, it is up to you to prevent the transmission of third-party cookies by making the appropriate setting in the cookie banner or within your Internet browser.

Storage duration

Third-party cookies are stored on the user’s computer and transmitted to our site by the user. They are stored until the purpose of the processing no longer applies or you withdraw your consent. Therefore, you as a user also have full control over the use of third-party cookies.

Objection / opportunity of elimination

By changing the settings in your Internet browser, you can disable or restrict the transmission of third-party cookies. Third-party cookies that have already been stored can be deleted at any time. This can also be done automatically. The transmission of Flash cookies cannot be prevented via the settings of the browser, but by changing the setting of the Flash Player.

9.2 Privacy policy on the use and application of HubSpot (with anonymization function)

We use the services of the software manufacturer HubSpot. HubSpot is a software company from the USA with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland).

HubSpot is a service platform. The service used is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. This includes, among other things, the analysis of landing pages and reporting. In the process, so-called “web beacons” are used and cookies are stored on the terminal device you use.

In the process, the following personal data may be collected, for example:

IP address,
geographical location,
type of browser,
duration of the visit,
pages viewed.

The collected information as well as the content of our website is stored on servers of our software partner HubSpot Ireland. We use HubSpot to analyze the use of our website. This allows us to constantly optimize our website and make it more user-friendly. We also use information to determine which of our company’s services are of interest to customers and newsletter subscribers and to contact them for advertising purposes. In addition, we use the evaluation to optimize our web offer for you.

However, we only use your IP address in a shortened version. This means that the IP address of users is shortened by HubSpot within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a HubSpot server in the USA and shortened there.

The cookies have a usual lifetime of 13 months. In addition, we delete the personal data collected via HubSpot as soon as the purpose for which it was collected has been achieved, unless legal retention periods prevent erasure.

The information generated by the cookie about the use of the online offer by the users may also be transmitted to a Google server in the USA and stored there. The processing takes place on the basis of EU standard contractual clauses. Through this, HubSpot offers a guarantee of compliance with European data protection law.

The storage of cookies is based on Art. 6 par. 1 lit. a GDPR. You can withdraw your consent here. Further information about the functioning of HubSpot, can be found in the privacy policy ofHubSpotInc..

Legal basis

Art. 6 para. 1 lit. a GDPR (consent)

Storage purpose

Storage duration

Objection /opportunity of elimination

10 Use and applicationof web presences, forms and other tools

10.1 Web presences

10.1.1 Note on data processing on our Twitter fan page

We, WifOR, use a Twitter fan page under the name @WifOR_Institute. In the following, we would like to inform you about the processing of your personal data on our Twitter fan page.

Processing of personal data by twitter

Twitter is a service provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A..

We would like to point out here that you use the services provided by Twitter Inc. and all associated functions (e.g., sharing and rating content) on your own responsibility.

Information about the data processing carried out by Twitter Inc. and the corresponding purposes pursued can be found in the privacy policy of Twitter Inc.

The privacy policy of Twitter can be found here: https://twitter.com/de/privacy.

We have no influence on the type and scope of the data processed by Twitter Inc. or its transfer to third parties. We have no means of control in this regard.

Your data is collected and processed by Twitter Inc. Transfers of your personal data take place, regardless of your place of residence, to the United States, Ireland and any other country in which Twitter Inc. does business.

Data that you have indicated voluntarily on Twitter will be processed by Twitter Inc. (e.g. name and username, e-mail address, telephone number or the contacts in your address book) if you upload them.

In addition, Twitter Inc. evaluates the content you share. As a result, Twitter Inc. determines the topics and content in which you are interested. It also processes confidential messages that you send to other Twitter users. GPS data, information on wireless networks or your IP address are used to determine your location and to send you corresponding content, usually advertising.

The evaluation may be carried out with the help of various analysis tools, such as Google Analytics. The use of such analysis tools by Twitter is not subject to our control or influence. If such analysis tools are used by Twitter Inc., we were not informed about the use of such tools. Consequently, Twitter Inc. has not been ordered, supported or similar by us in the use of such analysis tools. Furthermore, the results of such analysis are not made available to us. Only anonymized information about the response generated by tweets (clicks, likes, etc.) is visible to us. The use of analysis tools on our Twitter account cannot be turned off and there are no other options to turn off such use.

Twitter also receives data from visitors who do not have a Twitter account when they view content located on Twitter. This log data includes the IP address, the type of browser used, the operating system, information about the website previously visited and the pages you viewed, location, mobile provider, cookies or search terms and the terminal device used.

Twitter also has the option of recording visits to websites and assigning them to the corresponding Twitter account if so-called Twitter buttons or widgets have been embedded in the respective website.

You have the option of restricting the processing of your data by Twitter. To do this, you can open the general settings of your Twitter account and change your privacy settings under “Privacy and security”..

You can check and customize your privacy settings here: https://twitter.com/personalization
There is additional help for this at: https://help.twitter.com/de/search?q=datenschutz

Additionally you can change certain settings for your mobile devices (e.g. smartphones, tablets, etc.) so that Twitter only has limited access to your contact data, location data, calendar data or photos, among other things. These setting options differ depending on the operating system used on your mobile device.

For more information and assistance, please contact:

https://support.twitter.com/articles/20172711# (possibility to view one’s own data processed by Twitter).
https://twitter.com/your_twitter_data (information about inferences from Twitter to you)
https://support.twitter.com/forms/privacy (form to get more information from Twitter)
https://support.twitter.com/articles/20170320# (possibility to download your own Twitter archive)
Processing of personal data by us

When we process your personal data on Twitter, it is not collected via our Twitter account. A transfer of data to Twitter, such as IP addresses, due to the embedding of tweets on homepages or similar does not take place.

However, it may be that we retweet tweets from you, reply to tweets from you or compose tweets that refer to you or your Twitter account. To that extent, your public data on Twitter may be made available to followers of our site.

The purposes of the processing on our Twitter presence is to provide information about our products and services, combined with the possibility for users to interact with us in a targeted manner. The legal basis for data processing is Art. 6 par. 1 lit. f GDPR. Our legitimate interest is in particular our business interest in sharing information with our users and being able to communicate with them.

A transfer to authorities takes place only in the presence of overriding legal provisions.

If we publish images of individuals, this is done via consent (legal basis: Art. 6 par. 1 lit. a GDPR), on the basis of a contractual agreement (legal basis: Art. 6 par. 1 lit. b GDPR) and in exceptional cases on the basis of legitimate interests (legal basis: Art. 6 par. 1 lit. f. GDPR).

Third country transfer

It cannot be ruled out that data from users will be processed on systems outside the European Union. Twitter has submitted to the standard contractual clauses and has thus committed itself to comply with the EU data protection standards.

Your right to information, rectification, erasure, objection and data portability

You can exercise your Right to rectification and erasure of data at any time. Simply contact us in the ways described above. If you wish data to be deleted but we are still legally obliged to retain it, access to your data will be restricted (blocked). The same applies in the event of an objection. You can exercise your right to data portability insofar as the technical possibilities are available to the recipient and to us.

Your right of objection

You have the possibility at any time to object to the processing of your personal data on the basis of a legitimate interest in accordance with Art. 6 par. 1 lit. f GDPR or on the basis of public interests in accordance with Art. 6 par. 1 lit. e GDPR.

If we process your personal data for the purposes of direct marketing, you also have the option to object to this processing at any time.

Please communicate your objection via the above-mentioned e-mail address.

If your rights need to be asserted against the Twitter International Company, we will forward your request to the Twitter International Company.

Right of appeal

You have the possibility to file a complaint with a data protection authority at any time.

Legal basis

The processing of the users’ personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR) as well as in the case of participation in competitions or answering product application questions based on a (pre-)contractual relationship pursuant to Art. 6 para. 1 lit. b) GDPR.

Storage purpose

We use our Twitter page to communicate with our customers, interested parties and Twitter users and to inform them about us and our products. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. The processing is solely for the purpose of communicating and interacting with you. In particular, our legitimate interest is our business interest in sharing information with our users and being able to communicate with them.

Storage duration

Your data will be deleted when the purpose ceases to exist, unless there is a retention obligation.

Objection /opportunity of elimination

You can object to the processing of your personal data by Twitter using the above links. Furthermore, you can object to the processing of your personal data by us via our contact options.

10.1.2 Information on data processing on our XING page

We use a XING page. With this privacy policy, we would like to inform you about how your personal data is processed via our XING social media profile (https://www.xing.com/pages/wifor) and who has access to the data you have provided.

As the operators of this social media profile, we are (jointly) the Controller within the meaning of data protection law. This means that we must also ensure that your data is processed lawfully via this profile and that you can also exercise your rights regarding your data against us (cf. Art. 26 GDPR).

Data about you may be collected via this social media profile through cookies, regardless of whether you have an account with XING or not. Cookies are regularly stored on the user’s terminal device when visiting a XING page, including this profile. The information stored in the cookies is received, recorded and processed by XING, in particular when the user visits XING services, services provided by other members of the group of undertakings and services provided by other companies using XING services. In addition, other entities such as XING partners or even third parties may use cookies on the XING services to provide services to companies advertising on XING. For more information on the use of cookies by XING, please refer to their privacy policy.

Cookies are primarily set in order to be able to display personalized advertising to visitors to XING websites, for example. This is done by displaying ads on our XING profile to the user from XING’s advertising partners whose websites the user has previously visited. In addition, cookies enable statistics to be compiled on the use of a social media profile, so that XING and WifOR can track the use of a social media profile.

The collection of your data through cookies as part of the use of the social media profile is not required by law or contract. Nor is this required for the conclusion of a contract. There is therefore no obligation to transfer your data to XING. However, failure to transmit your data (e.g. by blocking cookies) will mean that we will not be able to offer you our social media profile, or only to a limited extent.

WifOR operates this XING page in order to present itself to XING users and other interested persons who visit this XING page, to present information regarding recruiting under entry opportunities at WifOR and to communicate with users. The processing of users’ personal data is based on WifOR’s legitimate interest in optimizing the presentation of the company (Art. 6 par. 1 lit. f GDPR).

You may request from WifOR with regard to the personal data concerning you

Information in the form of a copy of the personal data and the associated information,
provision in a structured and machine-readable format,
in case of their inaccuracy, their correction,
in particular, in the event of withdrawal of your consent or completion of its purpose, erasure, as well as
in certain cases, the restriction of their processing, and
object to the use of your data for direct marketing purposes at any time.

XING users can influence the extent to which their user behavior may be recorded when visiting our XING site under the settings for advertising preferences. Further options are provided by the XING settings or the form for the right to object.

The processing of information by means of the cookie used by XING can also be prevented by not allowing cookies from third-party providers or those from XING in your own browser settings.

Further details on the use of cookies by XING can be found in the data policy (https://privacy.xing.com/de/datenschutzerklaerung).

Legal basis

The processing of users’ personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 par. 1 lit. f GDPR) as well as in the case of participation in competitions or answering product application questions on the basis of a (pre-)contractual relationship pursuant to Art. 6 par. 1 lit. b) GDPR.

Purpose of storage

WifOR GmbH operates this XING page in order to present itself to XING users and other interested persons who visit this XING page, to present information regarding recruiting under entry opportunities at WifOR GmbH and to communicate with users. This is also our legitimate interest in an optimized presentation of the company.

Storage period

Your data will be deleted when the purpose ceases to exist, provided there is no obligation to retain it.

Objection/ opportunity of elimination

You can object to the processing of your personal data by Twitter via the above-mentioned links. Furthermore, you can object to the processing of your personal data by us via our contact options.

10.1.2.1 LinkedIn Events

To organize and register for our LinkedIn events, we use special forms that you can use to register directly via LinkedIn. When you fill out a form on LinkedIn, your personal data (first and last name, email address, job title, company name, country/region) will be transmitted to us by LinkedIn. This information is used by us exclusively to manage your event registration and to provide access to the corresponding events.

The events are in most cases held via the video conferencing tool Microsoft Teams from Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 Ireland, which we use. The processing of data within Microsoft Teams takes place on servers in data centre locations within the European Union. For this purpose, we have entered into a data processing agreement with Microsoft in accordance with Article 28 of the General Data Protection Regulation (GDPR). As part of this agreement, we have agreed comprehensive technical and organizational measures with Microsoft. These measures correspond to the current state of technology in terms of IT security, including access authorization and end-to-end encryption concepts for data transmissions, databases and servers.

With your explicit consent via the additional checkbox in the registration form, we will also use the above-mentioned data to contact you after the event and send you information about our products and services. In this case, we will also store your information beyond the organisation of the event.

The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time free of charge. To withdraw your consent, please send an email to: benno.legler@wifor.com

If you do not consent to being contacted for advertising purposes, your data will be deleted after the event has taken place. If you have given us your consent to contact you for advertising purposes, we will store your data as long as you do not revoke your consent or the purpose no longer applies.

10.1.3 Information on data processing on our LinkedIn page

We also use a page on the platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We use this page to:

Present our company and services
Get and stay in touch with the community and followers
Inform the community and followers about current developments and events in our research area
To address questions and concerns from customers and followers

When visiting our site, personal data of users is collected by LinkedIn as the Controller, for example through the use of cookies. Such data collection by LinkedIn may also occur for visitors to this site who are not logged in or registered with LinkedIn. Information about data collection and further processing by LinkedIn can be found in LinkedIn’s privacy policy at https://www.linkedin.com/legal/privacy-policy?_l=de_DE.

WifOR cannot track which user data LinkedIn collects. Nor does WifOR have full access to the data collected or your profile data. WifOR can only see the public information of your profile. You decide what this information is in your LinkedIn settings.

If our site offers a chat function, WifOR uses your data when using the chat function to answer your inquiry. The service and customer care information collected in this way is used to contact you in order to provide you with the requested information and offers.

WifOR receives anonymous statistics on the use and usage of the Page due to legitimate interest of LinkedIn. The following information is provided:

Followers: number of people who follow WifOR – including increases and development over a defined time frame.
Reach: Number of people who see a specific post. Number of interactions on a post. This can be used, for example, to determine which content is better received by the community than others.
Ad performance: How many people were reached and interacted with a post or paid ad.

WifOR uses these statistics, from which we cannot draw any conclusions about individual users, to constantly improve its online offering on LinkedIn and to better respond to the interests of our community. We cannot link the statistical data with the profile data of our followers. You can decide via your LinkedIn settings in which form targeted advertising is displayed to you.

WifOR receives personal data via LinkedIn if you actively communicate this to us via a personal message on LinkedIn. We use your data (e.g. first name, last name, company and position) to respond to your request. Your data will be stored for this purpose.

Legal basis

The processing of users’ personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 par. 1 lit. f GDPR) as well as in the case of participation in competitions or answering product application questions based on a (pre-) contractual relationship pursuant to Art. 6 par. 1 lit. b) GDPR.

Purpose of storage

Storage period

Your data will be deleted when the purpose ceases to exist, provided there is no obligation to retain it.

Objection/ opportunity of elimination

You can object to the processing of your personal data by Twitter via the above-mentioned links. Furthermore, you can object to the processing of your personal data by us via our contact options.

10.2 Privacy policy on the use and application of jQuery

This website uses external JavaScript codes and libraries. The libraries of the various providers are integrated externally via a CDN (Content Delivery Network) in order to always have access to the latest and most secure version. In addition, we thus reduce loading times of these pages, as there is a high probability that you have already used the CDN on another page. In that case, your browser can access the cached copy and does not need to download it again. If your browser does not have a cached copy, data such as your IP address is transferred from your browser to the corresponding CDN. The data may also be processed in the USA for this purpose.

The Controller is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure lawful and secure processing of your personal data.

Legal basis

Art. 6 par. 1 lit. f GDPR (legitimate interest).

Storage purpose

The use of external scripts and libraries is necessary for the playout of content on this website and serves to safeguard these legitimate interests.

Storage period

The storage period of your personal data is determined in detail by the regulations of the third-party technologies.

Objection / Possibility of elimination

Right of objection according to section 12.7.

10.3 Privacy policy on the use and application of Fonts.com

This website uses so-called web fonts for the uniform display of fonts, which are provided by Monotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg (“fonts.com”). When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must establish a connection to the servers of fonts.com in the USA, whereby your personal data is also transmitted there. This enables fonts.com to know that our website has been accessed via your IP address.

If your browser does not support web fonts, a standard font is used by your computer.

Due to this transfer of your personal data to the USA, we have concluded EU standard data protection clauses with Fonts.com to ensure lawful and secure processing of your personal data.

For more information about these web fonts, please visit https://www.fonts.com/info/legal and read Fonts.com’s privacy policy: https://www.fonts.com/info/legal/privacy and Monotype GmbH’s privacy policy: https://www.monotype.com/legal/privacy-policy.

Legal basis

Art. 6 par. 1 lit. f GDPR (legitimate interest)

Purpose of storage

The purpose and legitimate interest of using Fonts.com is to ensure correct and consistent integration of fonts and texts on our website.

Storage period

The data will be deleted as soon as our legitimate interest no longer exists or we are obliged to delete the data due to legal or statutory orders.

Objection / Possibility of elimination

Right of objection according to section 12.7

10.4 Application and use of Google Tag Manager

Google Tag Manager is a solution that allows us to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool takes care of triggering other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager. Further information: https://tagmanager.google.com/

10.5 Studies request form

10.5.1 General

On our website, you can request free studies in PDF format by filling out a corresponding form and providing your personal data. These studies will be sent to you by e-mail after you have provided your data and confirmation. In order for you to receive the studies, we collect the following personal data from you:

Salutation
Your e-mail address*
Your first and last name
Your job title

Legal basis

Art. 6 par. 1 lit. a GDPR (consent)

Purpose of storage

The storage of the e-mail address is necessary so that the study can be sent to your e-mail address. The name as well as job title are collected and processed for a correct salutation in the corresponding e-mail.

Storage period

The collected data will be deleted after seven days. The other personal data collected during the registration process will also be deleted after a period of seven days.

Objection / Possibility of elimination

Withdrawal according to section 12.8.

10.5.2 Newsletter

In the corresponding form you also have the option to register for our newsletter. After a successful registration, you will receive e-mails at regular intervals, e.g. with product information or news. The registration takes place using the so-called double opt-in procedure. For this purpose, we use the following personal data provided by you.

Your e-mail address
Your first and last name (for the purpose of addressing you)

In addition, the following data is collected during registration:

IP address
Date and time of registration

As part of the registration process, we obtain your consent by using the double opt-in procedure and reference is made to this privacy policy.

Legal basis

Art. 6 par. 1 lit. a GDPR (consent)

Purpose of storage

The storage of the e-mail address is necessary so that the newsletter can be delivered to subscribers. The storage of the IP address and the date and time of registration are technically necessary in order to carry out the registration.

Storage period

Personal data is deleted as soon as the purpose for which it was originally collected no longer applies. Accordingly, the data will be stored as long as the subscription to the newsletter remains active.

Objection / Possibility of elimination

The subscription to the newsletter can be terminated at any time by the respective person. For this purpose, each e-mail of the newsletter contains a corresponding link through which the subscription can be terminated. Termination of the subscription at the same time also constitutes withdrawal of consent to the processing of personal data collected during the registration process.

10.6 Privacy policy on the use and application of Vimeo

Cookie Name: vuid

Vimeo is an online streaming platform that allows us to display videos from Vimeo directly on our website. When using Vimeo, your browser establishes a connection with Vimeo’s servers. In doing so, personal data from you is transferred to Vimeo. These personal data are:

IP address
Technical information about the browser you are using
Information about your operating system
Device information

To the extent that you have a Vimeo account, additional personal data may be collected through cookies set by Vimeo. Vimeo is the Controller for this data processing. Vimeo’s privacy policy is available at: https://vimeo.com/privacy.

Through the cookie set by us, on the one hand, the use of the Vimeo plug-ins is possible, and on the other hand, information on the use of the Vimeo plug-in is stored by the cookie in order to statistically evaluate the use of the service.

Legal basis

Art. 6 par. 1 lit. f GDPR (legitimate interest).

Purpose of storage

Statistical evaluation of Vimeo usage on our website and to unblock content through the plug-in.

Storage period

The cookie is stored for two years.

Objection / Possibility of elimination

By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.

10.7 Privacy policy on the use and application of Google WebFonts

This site uses so-called web fonts provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

The web fonts are transferred to the browser’s cache when the page is called up so that they can be used for display. If the browser does not support Google web fonts or prevents access, the text is displayed in a standard font.

No cookies are set for this purpose when you call up the page. Data transmitted in connection with the page call is sent to resource-specific domains such as fonts.googleapis.com or fonts.gstatic.com. They are not associated with data that may be collected or used in connection with the parallel use of authenticated Google services such as Gmail.

You can set your browser to not load the fonts from Google servers (for example, by installing add-ons such as NoScript or Ghostery for Firefox). If your browser does not support Google Fonts or you disable access to the Google servers, the text will be displayed in the system’s default font.

WifOR GmbH is aware of the transfer of its personal data to a third country and has implemented appropriate safeguards in accordance with Article 46 of the GDPR to ensure lawful and secure processing of its personal data.

Information on the privacy terms of Google Webfonts is available at: https://developers.google.com/fonts/faqPrivacy.

General information on data protection is available in the Google Privacy Center at: http://www.google.com/intl/de-DE/privacy/

Legal basis

Art. 6 par. 1 lit. f GDPR (legitimate interest)

Purpose of storage

The purpose of storage is to improve our website and in visual and functional terms.

Storage period

The data will be deleted as soon as our legitimate interest no longer exists or we are obliged to delete the data due to statutory or legal orders.

Objection / Possibility of elimination

As a user, you have the possibility to object to the processing of your data at any time.

10.8 Privacy policy on the use and application of Vidyard

We use the video platform Vidyard from Buildscale Inc, 8 Queen St. N, Unit #1, Kitchener, ON, Canada, N2H 2G8 on our website. When you visit one of our pages equipped with a Vidyard plugin, a connection to Vidyard’s servers is established. In doing so, the Vidyard server is informed which of our pages you have visited. In the process, personal data from you is transferred to Vimeo. These personal data are:

IP address
Technical information about the browser you are using
Information about your operating system
Device information

Through the cookie set by us, on the one hand, the use of the Vidyard plug-in is possible, on the other hand, information on the use of the Vidyard plug-in is stored by the cookie in order to statistically evaluate the use of the service. Further information about the data processing by Vidyard can be found at: https://www.vidyard.com/privacy/.

Legal basis

Art. 6 para. 1 lit. f GDPR (legitimate interest)

Storage purpose

tatistical analysis on visitor interaction with the website’s video content – This data is used to make the website’s video content more relevant to the visitor.

Storage duration

The cookie is stored for 365 days.

Objection / Possibility of elimination

10.9 Data protection regulations for the juicer plugin

As part of operating our website, we use the “Juicer” plugin provided by saas.group LLC (304 S. Jones Blvd #1205, Las Vegas NV 89107, USA) to improve the user experience of our website visitors by integrating our social media feed.

Juicer offers us the possibility to integrate the activities of our social media presences summarized in the form of a social feed on our website. This gives us the option of including posts from our social media presences based on hashtags. These posts can also be viewed by website visitors who are not logged in with a user account of the integrated social media platforms.

According to its own information, Juicer neither sets cookies nor otherwise stores personal data of persons who use the social feed on our website. You can find more detailed information on data protection in the context of the use of the “Juicer” service of saas.group LLC in the associated data protection statement: https://www.juicer.io/eu-privacy

If you click on a post contained in the social feed, you will be forwarded to the respective social media platform associated with the post. For this purpose, a connection to the servers of the respective social media platform is established, whereby a transmission of your personal data (e.g. IP address) to the respective server takes place. This transmission takes place regardless of whether you are logged in with a user account on the respective social media platform. It cannot be ruled out that with forwarding to the respective social media platform by the corresponding provider, further services and technologies are loaded by the platform. If you are logged into the platform with a user account, this information can be further assigned to your user account. We expressly point out that we have no knowledge of the content of this transmitted data and its use by the provider of the respective social media platform. Further information regarding the handling of data protection of the respective social media platform can be found here:

Xing: https://privacy.xing.com/en/privacy-policy

LinkedIn: https://de.linkedin.com/legal/privacy-policy

X (formerly Twitter): https://twitter.com/de/privacy

10.10 Privacy policy on the use and application of WISIT

We provide services to registered users via https://impact.wifor.com

The use of the services and the associated General Terms and Conditions and respective data processing regulations are outlined separately.

The regulations of WISIT shall apply to any and all activities associated with its respective Principal Contract, in whose scope Processor’s (WifOR) employees or agents process Company’s (client) personal data on behalf of Company as a controller. The scope and duration and the detailed stipulations on the type and purpose of Contract Processing shall therefore be governed by the Principal Contract.

When using our services, personal information such as email-address is required to successfully log in the tool and use its applications. Furthermore, in the process, the following personal data may be collected, for example:

IP address,
geographical location,
type of browser,
duration of the visit,
pages viewed.

Legal basis:

The processing of personal data is carried out in accordance with Article 28 (3) of the EU General Data Protection Regulation (GDPR).

Purpose of storage

WifOR operates WISIT to provide services to its clients. WifOR is constantly seeking to improve its services’ scope and quality. Collected data are therefore used to better understand clients’ needs and improve services accordingly.

Storage period

Your data will be deleted when the purpose ceases to exist, provided there is no obligation to retain it.

Obligations to inform, mandatory written form, choice of law

Where the data becomes subject to search and seizure, an attachment order, confiscation

during bankruptcy or insolvency proceedings, or similar events or measures by third parties

while in WifOR’s control, WifOR shall notify client of such action. WifOR shall notify to all

pertinent parties in such action, that any Data affected thereby is in client’s sole property

and area of responsibility, that Data is at client’s sole disposition, and that client is the

controller within the meaning of the GDPR.

Objection/ opportunity of elimination

You can object to the processing of your personal data by us via our contact options.

Technical and organizational measures pursuant to Art. 32 of the GDPR

Confidentiality (Art. 32 Par. 1 lit. b GDPR)

Access control

No unauthorized access to data processing equipment, e.g.: Magnetic or chip cards, keys, electric door openers, plant security or gatekeepers, alarm systems, video systems;
No unauthorized system use, e.g.: (strong) passwords, automatic locking mechanisms, two-factor authentication, encryption of data media;
No unauthorized reading, copying, modification, or removal within the system, e.g.: Authorization concepts and need-based access rights, logging of accesses;

Separation control

Separate processing of data collected for different purposes, e.g., multi-client capability, sandboxing;

Pseudonymization (Art. 32 para. 1 lit. a GDPR; Art. 25 para. 1 GDPR).

The processing of personal data in such a way that the data can no longer be attributed to a specific data subject without recourse to additional information, provided that such additional information is kept separately and is subject to appropriate technical and organizational measures; Integrity (Art. 32 para. 1 lit. b GDPR)

Disclosure control

No unauthorized reading, copying, modification or removal during electronic transmission or transport, e.g.: Encryption, Virtual Private Networks (VPN), electronic signature;

Input control

Determining whether and by whom personal data has been entered into, modified or removed from data processing systems, e.g.: Logging, document management;

Availability and resilience (Art. 32 para. 1 lit. b GDPR)

Availability control;
Protection against accidental or deliberate destruction or loss, e.g..: Backup strategy (online/offline; on-site/off-site), uninterruptible power supply (UPS), virus protection, firewall, reporting channels and contingency plans;
Rapid recoverability (Art. 32(1)(c) GDPR);

Procedures for regular review, assessment and evaluation (Art. 32(1)(d) GDPR; Art. 25(1) GDPR).

Data protection management;
Incident Response Management;
Data protection-friendly default settings (Art. 25(2) GDPR);
Contract control;
No commissioned data processing within the meaning of Art. 28 GDPR without corresponding instructions from the client, e.g.: Clear contract design, formalized order management, strict selection of the service provider, prior conviction obligation, follow-up checks.

11 Links to third party websites

In addition, we may have links to other websites on our website. It is possible that these websites process your personal data when you visit them. We, WifOR, are not responsible for the data processing on these websites. For more information on the processing of your personal data, please refer to the data protection information of the respective websites.

12 Your rights

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you have the following rights against the Controller:

12.1 Right of access

You may request confirmation from the Controller as to whether personal data concerning you are being processed by us.

If such processing is taking place, you may request the Controller to provide you with the following information:

the purposes for which the personal data are processed;
the categories of personal data which are processed;
the recipients or categories of recipients to whom the personal data concerning you have been or will be disclosed;
the planned period for which personal data relating to you will be stored or, if specific information on this is not possible, criteria for determining the storage period;
the existence of a Right to rectification or erasure of personal data concerning you, a Right to restriction of processing by the Controller or a Right to object to such processing;
the existence of a right of appeal to a supervisory authority;
any available information on the origin of the data, if the personal data are not collected from the data subject;
the existence of automated decision-making, including profiling, pursuant to Article 22 par. 1 and 4 of the GDPR and, at least in these cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.

You have the right to request information about whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

12.2 Right to rectification

You have a Right to rectification and/or completion vis-à-vis the Controller if the processed personal data concerning you is inaccurate or incomplete. The Controller shall carry out the rectification without undue delay.

12.3 Right to restriction of processing

You may request the restriction of processing of personal data concerning you under the following conditions:

if you contest the accuracy of the personal data concerning you for a period enabling the Controller to verify the accuracy of the personal data;
the processing is unlawful and you object to the erasure of the personal data and request instead the restriction of processing of the personal data;
the Controller no longer needs the personal data for the purposes of the processing but you need it for the establishment, exercise or defense of legal claims; or
if you have lodged an objection to the processing pursuant to Article 21 par. 1 GDPR and it has not yet been determined whether the Controller’s legitimate grounds override your grounds.

If the processing of personal data concerning you has been restricted, such data may – apart from being stored – only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the Controller before the restriction is lifted.

12.4 Right to erasure

12.4.1 Obligation to delete

You may request the Controller to delete the personal data concerning you without undue delay, and the Controller shall be obliged to delete such data without undue delay, if one of the following reasons applies:

The personal data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
You withdraw your consent on which the processing was based pursuant to Art. 6 par. 1 lit. a or Art. 9 par. 2 lit. a GDPR and there is no other legal basis for the processing.
You object to the processing pursuant to Art. 21 par. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 par. 2 GDPR.
The personal data concerning you have been processed unlawfully.
The erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the Controller is subject.
The personal data concerning you has been collected in relation to information society services offered pursuant to Art. 8 par. 1 GDPR.

12.4.2 Information to third parties

If the Controller has made the personal data concerning you public and is obliged to erase it pursuant to Article 17 par. 1 GDPR, it shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you, as the data subject, have requested from them the erasure of all links to, or copies or replications of, such personal data.

12.4.3 Exceptions

The right to erasure shall not apply to the extent that the processing is necessary

for the exercise of the right to freedom of expression and information;
for compliance with a legal obligation which requires processing under Union or Member State law to which the Controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
for reasons of public interest in the area of public health pursuant to Article 9 par. 2 lit. h and i and Article 9 par. 3 GDPR;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89 par. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously prejudice the achievement of the purposes of such processing; or
for the assertion, exercise or defense of legal claims.

Furthermore, the right to erasure does not exist if the personal data must be stored by the Controller due to statutory retention obligations and periods. In such a case, the personal data will be blocked instead of erased.

12.5 Right to Information

If you have exercised the Right to rectification, erasure or restriction of processing vis-à-vis the Controller, the Controller shall be obliged to notify all recipients to whom the personal data concerning you have been disclosed of such rectification or erasure of the data or restriction of processing, unless this proves impossible or involves a disproportionate effort.

You have the right against the Controller to be informed about these recipients.

12.6 Right to data portability

You have the right to receive the personal data concerning you that you have provided to the Controller in a structured, commonly used and machine-readable and interoperable format. In addition, you have the right to transfer this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that.

the processing is based on consent pursuant to Art. 6 par. 1 lit. a GDPR or Art. 9 par. 2 lit. a GDPR or on a contract pursuant to Art. 6 par. 1 lit. b GDPR and
the processing is carried out with the help of automated procedures.

In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

12.7 Right of objection

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6 par. 1 lit. e or f GDPR; this also applies to profiling based on these provisions.

The Controller shall no longer process the personal data concerning you unless it can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

If you object to the processing for purposes of the direct marketing, the personal data concerning you will no longer be processed for these purposes.

You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

12.8 Right to withdraw your consent under data protection law

You have the right to withdraw your declaration of consent under data protection law at any time and without giving reasons. In the event of withdrawal, we will immediately delete your personal data and no longer process it. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

12.9 Automated decision in individual cases including profiling

You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

is necessary for the conclusion or performance of a contract between you and the Controller,
is permitted by legal provisions of the Union or the Member States to which the Controller is subject and these legal provisions contain appropriate measures to protect your rights and freedoms as well as your legitimate interests; or
is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 par. 1 GDPR, unless Art. 9 par. 2 lit. a or g applies and appropriate measures have been taken to protect the rights and freedoms as well as your legitimate interests.

With regard to the cases mentioned in (1) and (3), the Controller shall take reasonable steps to safeguard the rights and freedoms as well as your legitimate interests, which include, at a minimum, the right to obtain the intervention of a person on the part of the Controller, to express his or her point of view and to contest the decision.

12.10 Right to complain to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

Date: August 2021

Controller: WifOR GmbH

Part B: Customer and supplier information, at the same time

Information on data processing pursuant to Art. 12 et seq. GDPR

Dear Lady,
Dear Sir,
Dear Customer,

due to the legal regulations of the General Data Protection Regulation (GDPR), we are obliged to provide you with comprehensive information (Art. 13 GDPR) about the processing of your personal data, which we are very happy to do.

Data protection and the handling of your personal data are very important to us, so we always ensure proper processing of your personal data. If you have any questions about the processing of your data, both we and our data protection officer are available to answer them. Furthermore, the data protection officer is not subject to any instructions, is independent in his position and is legally obligated to maintain secrecy and confidentiality (Art. 38 GDPR, § 38 BDSG), so that you can contact him in confidence.

Regarding the processing of your personal data, we inform you of the following:

Controller

Controller for the processing of your personal data:

WifOR GmbH
Rheinstraße 22
64283 Darmstadt
Tel.: +496151501550
Telefax: +4961515015529
Email: kontakt@wifor.com

Managing director, head of data processing

Management

Managing Director of the Controllers are:

Prof. Dr. Dennis A. Ostwald

Head of data processing

Head of data processing is:

Benno Legler
WifOR GmbH
Joseph-Haydn-Straße 1
10557 Berlin
Tel.: +49 151 / 467 203 25
E-Mail: benno.legler@wifor.com

Data protection officer

The data protection officer is:

Benno Legler
WifOR GmbH
Joseph-Haydn-Straße 1
10557 Berlin
Tel.: +49 151 / 467 203 25
Email: benno.legler@wifor.com

Address of the controller

WifOR GmbH
Rheinstraße 22
64283 Darmstadt

Purpose of the data processing

The Economic Research Institute WifOR works in the fields of applied science and independent economic research. The business purpose of the institute is the preparation of independent studies and analyses. WifOR was founded in 2009 as a spin-off of the TU Darmstadt and conducts research on topics including the health economy, international social policy, sustainability, innovations and global value chains. Clients include companies, associations, international government organizations and NGOs. The headquarters is in Darmstadt, with additional locations in Berlin, Greece, Ireland, Latin America and the USA.

Your personal data is processed for the purpose of establishing, implementing and terminating a contractual relationship with you.

Categories of personal data

Within the scope of this, we process the following personal data or categories of personal data from you in particular:

Company
Regular customer data:
- Name
- First name
- Position
- E-mail address (business)
- Telephone number
- Address data

Legal basis of the processing

The legal basis for the processing of your personal data follows from:

The processing is necessary for the fulfillment of a contract according to Art. 6 par. 1 lit. b) GDPR (E.g.: purchase, delivery and service contracts).
Your consent to data processing according to Art. 6 par. 1 lit. a), 7 GDPR (e.g. newsletter, transfer to branches in third countries),
Fulfillment of a legal obligation and in individual cases pursuant to Art. 6 par. 1 lit c) GDPR (e.g. reports to the tax office; responses to legal and data protection inquiries).
Based on our legitimate interest, after a balancing of interests, pursuant to Art. 6 par. 1 lit. f) GDPR (e.g. advertising vis-à-vis existing customers, exercising domiciliary rights; assertion of legal claims and defense in legal disputes; ensuring IT security and the IT operation of the Controller; prevention and investigation of criminal offences; video surveillance serves to collect evidence in the event of criminal offences. They thus serve to protect customers and employees as well as to exercise domiciliary rights; measures for building and facility security (e.g., access controls).

Recipient or category of recipient
In order to fulfill our contractual and legal obligations, your data will be forwarded to the following recipients or categories of recipients:

Clerk
Head of department
Banking institutions
External service providers (please indicate)
- IT service provider
- Hosting service provider
- Tax advisor, legal advisor, auditor
Tax office
Document destruction
Data protection officer
Etc.
Transfer to a third country

It is not intended to transfer your data to a third country. If we nevertheless transfer your data to an entity in a third country, we will inform you of this and the guarantees offered by the entity within the meaning of Art. 44 et seq. GDPR before the planned transfer.

Period for which data will be stored, erasure of personal data

In order to fulfill our contractual and legal obligations, we store the data for the following periods, unless there is a legitimate interest within the meaning of Art. 6 par. 1 lit. f) GDPR that would justify longer storage:

To the extent necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. In addition, we are subject to various retention and documentation obligations, which result, among other things, from the German Commercial Code (HGB) and the German Fiscal Code (AO). The retention and documentation periods specified there are up to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), are generally 3 years, but in certain cases can be up to thirty years.

In detail:

Business correspondence: 10 years, § 147 I No. 4,5 in conjunction with III AO; § 257 I No. 1, 4 in conjunction with § 238 I HGB
Contracts: 10 years, § 147 I No. 4,5 in conjunction with III AO; § 257 I No. 1, 4 in conjunction with § 238 I HGB
Receipts for invoices: 10 years, § 147 I No. 4,5 in conjunction with III AO; § 257 I No. 1, 4 in conjunction with § 238 I HGB
Applications: 90 days (if no employment relationship is established)
Judgments, decisions and titles: 30 years
Existence of a Right to Information, Rectification, etc.

You have the following rights with respect to us regarding personal data concerning you:

Right to information
Right to rectification or erasure
Right to restriction of processing
Right to data portability
Right to complain to a data protection supervisory authority about the processing of your personal data by us if you do not agree with the handling of your data as well as
Right of withdrawal: you have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal;
Right to object: you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 par. 1 lit. e or f of the GDPR; this also applies to profiling based on these provisions. As a result of the declared objection, we will no longer process the personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Direct marketing: If the personal data concerning you is processed for the purposes of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object to the processing for purposes of the direct marketing, the personal data concerning you will no longer be processed for these purposes.
Objection through automated procedures: You have the possibility, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, to exercise your right to object by means of automated procedures using technical specifications.

Date: September 2023

Controller: WifOR GmbH

Data pro­tec­ti­on in­for­ma­ti­on

Data protection information