1 Name and address of the controller
The controller in the sense of the General Data Protection Regulation (GDPR), of the data protection regulations holding good in the member states of European Union and of other regulations with a legal data-protecting character is the:
Telefon: +49 615150155-0
Telefax: +49 615150155-29
2 Name and address of the data protection officer
The data protection officer of the controller for the processing is:
Tel.: +49 151 / 467 203 25
Each data subject can turn at any time directly to our data protection officer with all questions and suggestions on data protection.
The data protection information of the WifOR GmbH is based on the definitions which have been used by the European directive and order issuing office in formulating the General Data Protection Regulation (GDPR). The data protection information of the WifOR GmbH should be easily read and understood not only by the general public but also by our customers and business partners. In order to ensure this, we would like to clarify in advance the definitions used.
In this data protection information and on our website, we use – amongst others – the following terms:
3.1 Personal data
Personal data is any information relating to an identified or identifiable natural person (hereafter “data subject”). Defined as identifiable is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
3.2 Data subject
Data subject is each identified or identifiable natural person, whose personal data is processed by the controller for the processing.
Processing means any operation or set of operations which is carried out in connection with personal data – whether or not by automated means – such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
3.4 Restricting of the processing
Restricting of the processing is the marking of personal data as stored with the objective of restricting its processing in the future.
Profiling is each type of the automated processing of personal data, which consists of this personal data being used to permit particular personal aspects relating to a particular natural person, and here in particular aspects in respect of work performance, economic situation, health, personal likes, interests, reliability, behaviour, place of residence or change of place of residence of this natural person to be evaluated, analysed or forecast.
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, in so far as this additional information is kept in a special way and subjected to technical and organizational measures which ensure that the personal data cannot be assigned to an identified or identifiable natural person.
3.7 Controller or party responsible for the processing
Controller or party responsible for the processing (hereafter controller) is the natural person or legal entity, authority, institution or other post, which alone or together with others decides on the purposes and means of the processing of personal data. If the purposes and means of the processing are laid down in European Union legislation or the legislation of the member states, then the controller or the particular criteria of the appointment of this controller in accordance with European Union legislation or the legislation of the member states can be provided.
Processor is a natural person or legal entity, authority, institution or other post, which processes the personal data on the instructions of the controller.
Recipient is a natural person or legal entity, authority, institution or other post to which personal data are disclosed regardless of whether this is a third party or not. However, authorities, which receive within the framework of a particular investigation order in accordance with European Union legislation or the legislation of the member states data which possibly may be/contain personal data, do not hold good as recipients.
3.10 Third party
Third party is a natural person or legal entity, authority, institution or other post with the exception of the data subject, the controller, the order processor and those persons which are authorized under the direct responsibility of the controller or of the order processor to process the personal data.
Consent is each declaration of will given voluntarily by the data subject for the definite case in an informed and unambiguous manner in the form of a declaration or other unambiguous confirmatory action, with which the data subject makes clear that he/she agrees to the processing of personal data relating to himself/herself.
4 General information on data processing; legal basis, purposes of processing, duration of storage, objection, and possibility of erasure
4.1 General information on the legal basis
Where we obtain the consent of the data subject for the processing of personal data, Article 6(1)(a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data.
Art. 6 para. 1 lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
Art. 6 para. 1 lit. d GDPR serves as a legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data.
If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.
4.2 General information on data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if the European or national legislator has provided for this in EU regulations, laws or other provisions to which the person responsible is subject. The data shall also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless it is necessary for further storage of the data for the conclusion or performance of a contract.
4.3 General information on processing on our website
Data protection, data security and secrecy protection have high priority for us. The permanent protection of your personal data, your company data and your trade secrets is particularly important to us.
In principle, you can visit our website without providing any personal information. However, if you make use of the services of our company via our website, this requires the disclosure of your personal data. In general, we use the data communicated by you and collected by the website and the data stored during use exclusively for our own purposes, namely for the implementation and provision of our website and for the initiation, implementation and processing of the services offered via the website (contract performance) and do not pass these on to outside third parties, unless there is an officially ordered obligation to do so. In all other cases, we will obtain your separate consent.
Your personal data will be processed in accordance with the requirements of the General Data Protection Regulation and in accordance with the country-specific data protection regulations applicable to us. By means of this data protection note, we would like to inform you about the type, scope and purpose of the personal data processed by us. In addition, we will inform you of your rights by means of this data protection notice.
We have implemented technical and organizational measures to ensure adequate protection of personal data processed via this website. Nevertheless, Internet-based data transmissions can in principle have security gaps, so that absolute protection cannot be guaranteed.
5 Collecting of general data and information
The website of WifOR collects a range of general data and information each time the website is called by a data subject or an automated system. This general data and information is stored in the log files of the server. Able to be collected are: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website, from which an accessing system reaches our website (so-called referrer), (4) the sub-websites, which are steered to on our website via an accessing system, (5) the date and time of an access to the website, (6) an Internet-protocol-address (IP-address), (7) the Internet service provider of the accessing system and (8) other similar data and information, which serve the warding off of hazards in the case of attacks to our IT systems.
In using this general data and information WifOR draws no conclusions about the data subject. Much more is this information needed (1) to be able to deliver out the content of our website correctly, (2) to permit the optimization of the content of our website and of the advertising for this, (3) to ensure the durable functionality of our IT systems and of the technology of our website and (4) to be able to make available to the law enforcement authorities the information necessary for criminal prosecution in the case of a cyber attack. This anonymously collected data and information is evaluated by WifOR on the one hand statistically and on the other hand with the objective of increasing the data protection and the data security in our company in order finally to ensure an optimal level of protection for the personal data processed by ourselves. The anonymous data of the server-logfiles are stored separately from all the personal data stated by a data subject.
||Objection / opportunity for elimination
Article 6 Para. 1 lit. f GDPR
The temporary storing of the IP-address by the system is necessary to permit the delivery of the website to the computer of the user. For this the IP-address of the user must remain stored for the duration of the session.
The data is deleted as soon as it is no longer necessary for achieving the purpose of their collection. This is the case when the particular session has ended in situations where the data is collected for making the website available.
This is the case at the latest seven days after the time when the data was stored in log files. More extensive storing is possible. In this case the IP-addresses of the users are deleted or distorted so that an assignment of the client calling in is no longer possible.
No because the data is essential for operating of the website
6 E-mail contact
Provided on our website contact can be established via the e-mail address provided (in the imprint) or direct e-mail links to employees of WifOR. In this case the personal data of the user transmitted with the e-mail is stored.
In this connection no data is passed on to third parties. The data is used exclusively for the processing of the conversation and will immediately be deleted if it is no longer needed.
7 Data protection with applications and application processes
We collect and process the personal data of applicants for the purpose of progressing the application process. The processing can also be carried out electronically. This is in particular the case when an applicant sends to us relevant application documents by an electronic route, e.g. per e-mail. If we conclude a contract of employment with yourself as applicant, the data transmitted will be stored for purposes of progressing the employment relationship subject to observation of the legal regulations. If a contract of employment is not concluded by the party responsible for the processing with the applicant, then the application documents will be automatically deleted six months after notification of the rejection in so far as there is no other legitimate interest of the party responsible for the processing against deletion. Another legitimate interest in this sense is, for example, an obligation of proof in a process in accordance with the German General Equal Treatment Act.
8.1 Description and scope of the data processing
If a strictly necessary cookie is used:
We employ cookies in order to arrange our website in a more user-friendly manner. Certain elements of our website require that the calling browser can also be identified after a page change.
In the cookies the following date is stored and transmitted:
A list of the data stored follows. Examples can be:
- Language settings
- Articles in a shopping basket
- Log-in information
If in addition a cookie, that is non-essential, is used:
We use on our website in addition cookies which permit an analysis of the surfing behaviour of the user.
In this way the following data can be transmitted:
A list of the data collected follows. For example, these can be:
- Search terms entered
- Frequency with which pages are called
- Use of website functions
The data of the user collected in this way is pseudonymized by technical processes. Accordingly, assignment of the data to the user calling in is no longer possible. The data collected is not stored together with other personal data of the user.
||Objection / opportunity for elimination
Article 6 Para. 1 lit. f GDPR (legitimate interests) for strictly technically essential cookies
In addition: Article 6 Para. 1 lit. a GDPR
Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies we learn how the website is used and in this way, we can continually optimize our offer.
These purposes also include our legitimate interest in the processing of the personal data in accordance with Article 6 Para. 1 lit. f GDPR.
By carrying out a change to the settings of your browser you can deactivate cookies or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be carried out automatically. However, if cookies for our website are deactivated, it may no longer be possible to use all the functions of the website in full.
The transmission of flash cookies cannot be prevented via the browser settings but requires changes to the setting of the flash player.
9 Analysis tools
9.1 Data protection regulations for the use and application of Google Analytics (with anonymization function)
We have integrated on this website the Google Analytics component (with anonymization function). Google Analytics is a web-analysis service. Web-analysis is the collecting, compilation and evaluating of data concerning the behaviour of the visitors to websites. A web-analysis service collects – amongst other things – data on from which website (the so-called referrer) a data subject has come to a website, which subsites of the website were accessed or how often and for what period a subsite was watched. Web-analysis is used primarily for optimization of a website and for cost-benefit analysis of Internet advertising.
The operating company of the Google-Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Anonymization of the IP address
The party responsible for the processing uses the suffix „gat.anonymizeIp“ for the web analysis via Google Analytics. With the aid of this suffix the IP-address of the Internet connection of the data subject is abbreviated and anonymized if the access to our website comes from a member state of the European Union or from another signatory of the agreement on the European Economic Area.
The purpose of the Google Analytics component is the analysis of the visitor flows to our website. Google uses the data and information obtained in order to – amongst other things – evaluate the use of our website, to prepare for us online reports which show the activities on our website and to provide further services linked with the use of our website.
Google Analytics sets a cookie on the IT system of the data subject. What cookies are has been explained above. The setting of cookies enables Google to analyze the use of our website. With each call of an individual page of this website, which is operated by the party responsible for the processing and on which a Google Analytics component has been integrated, the Internet browser on the IT-system of the data subject is automatically caused by the particular Google Analytics component to transmit data to Google for the purpose of online analysis. Within the framework of this technical process, Google obtains knowledge of personal data such as the IP-address of the data subject, which data enables Google to – amongst other things – trace the origin of the visitor and clicks and as a consequence to make possible the issuing of commission invoices.
With the aid of cookies items of information related to personal data, e.g. the access time, the place from which an access started and the frequency of the visits to our website by the data subject, are stored. With each visit to our website this personal data including the IP-address of the Internet connection used by the data subject is transmitted to the United States of America. This personal data is stored by Google in the U.S.A. In certain circumstances Google passes on this personal data as collected via the technical process to third parties.
As has already been described above, the data subject can prevent the setting of cookies by our website at any time by making an appropriate setting on his/her Internet browser as used and thereby object to the setting of cookies in a durable manner. Such a setting of the Internet browser used would also prevent Google from setting a cookie on the IT system of the data subject. In addition, a cookie that has already been set by Google Analytics, can be deleted at any time via the Internet browser or another software program.
Objection to the setting of cookies
The WifOR GmbH is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure that your personal data is processed lawfully and securely.
Further information and the valid and applicable data protection regulations of Google can be called under https://www.google.de/intl/de/policies/privacy/ as well as under http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link: https://www.google.com/intl/de_de/analytics/.
9.2 Data protection regulations for the use and application of HubSpot (with anonymization function
We use the services of the software manufacturer HubSpot. HubSpot is a software company from the USA with a branch in Ireland (HubSpot European Headquarters, Ground Floor, Two Dockland Central, Guild Street, Dublin 1, Ireland).
HubSpot is a service platform. The service used is an integrated software solution that allows us to manage customer data and cover various aspects of our online marketing. This includes, among other things, the analysis of landing pages and reporting. In the process, so-called “web beacons” are used and cookies are stored on the terminal device you use.
In the process, the following personal data may be collected, for example:
- IP address,
- geographical location,
- type of browser,
- duration of the visit,
- pages viewed.
The collected information as well as the content of our website is stored on servers of our software partner HubSpot Ireland. We use HubSpot to analyze the use of our website. This allows us to constantly optimize our website and make it more user-friendly. We also use information to determine which of our company’s services are of interest to customers and newsletter subscribers and to contact them for advertising purposes. In addition, we use the evaluation to optimize our web offer for you.
However, we only use your IP address in a shortened version. This means that the IP address of users is shortened by HubSpot within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a HubSpot server in the USA and shortened there.
The cookies have a usual lifetime of 13 months. In addition, we delete the personal data collected via HubSpot as soon as the purpose for which it was collected has been achieved, unless legal retention periods prevent deletion.
The information generated by the cookie about the use of the online offer by users may also be transmitted to a Google server in the USA and stored there. The processing is based on EU standard contractual clauses. Through this, HubSpot offers a guarantee of compliance with European data protection law.
10 Usage of other tools
10.1 Information about data processing on our Facebook-Fanpage
We, WifOR GmbH, operate our own Facebook fan page at https://www.facebook.com/WifOR-1285302061585167/. As the operator of this Facebook page, we, together with the provider of the social network Facebook (Facebook Ireland Ltd.), are responsible within the meaning of Art. 4 No. 7 of the General Data Protection Regulation (GDPR). When visiting our Facebook page, personal data of the page visitors are processed by both controllers.
We have concluded an agreement with Facebook on joint data protection controllership (Page Controller Addendum). With this agreement, Facebook acknowledges its joint responsibility with regard to so-called Insights data and assumes essential data protection obligations to inform data subjects, to ensure data security or to report data protection violations. In addition, the agreement stipulates that Facebook is primarily the point of contact for the exercise of data subjects’ rights (Art. 15 – 22 GDPR). As a provider of the social network, Facebook alone has direct access to the required information and can also immediately take any necessary measures and provide information. Should our support nevertheless be necessary, we can be contacted at any time.
- Use of Insights and Cookies
- Comments and messages; participation in competitions
On our Facebook fan page you also have the opportunity to comment on our contributions, rate them and get in touch with us via private messages or take part in competitions.
||Objection / opportunity for elimination
We operate this Facebook page in order to present, interact and communicate with the users of Facebook as well as other interested persons and our customers who visit our Facebook page. The processing of the users’ personal data is based on our legitimate interests, in an optimized company and product presentation (Art. 6 para. 1 lit. f GDPR) as well as when participating in competitions or answering product application questions based on a (pre-)contractual relationship according to Art. 6 para. 1 lit. b) GDPR.
The processing of the information generated by Insights is intended to enable us, as the operator of the Facebook fan page, to obtain statistics that Facebook compiles based on visits to our Facebook fan page. The purpose of this is to control the marketing of our activity. For example, it allows us to gain knowledge of the profiles of visitors who like our Facebook page or use applications of the page in order to provide them with more relevant content and develop features that may be of greater interest to them. In addition, to help us better understand how our Facebook Page can better achieve our business goals, demographic and geographic analyses are also created and provided to us based on the information we collect. We can use this information to target interest-based ads without directly knowing the identity of the visitor. If visitors use Facebook on multiple devices, the collection and analysis can also take place across devices if they are registered visitors who are logged into their own profiles.
The visitor statistics created are transmitted to us exclusively in anonymized form. We have no access to the underlying data.
Furthermore, we use our Facebook page to communicate with our customers, interested parties and Facebook users and to inform them about us and our products. In this context, we may receive further information, e.g. due to user comments, private messages or because you follow us or share our content. The processing takes place exclusively for the purpose of communication and interaction with you.
Your data will be deleted when the purpose ceases to exist, provided there is no obligation to retain it.
Facebook users can influence the extent to which their user behavior may be recorded when visiting our Facebook page under the settings for advertising preferences. Further options are offered by the Facebook settings or the form for the right to object.
It cannot be ruled out that some of the information collected may also be processed outside the European Union by Facebook Inc. based in the USA. Facebook Inc. has submitted to the standard contractual clauses adopted by the EU Commission and thus undertakes to comply with European data protection requirements.
We ourselves do not pass on any personal data that we receive via our Facebook page.
- Information on contact possibilities and other rights as a data subject
For further information on our contact data, including our data protection officer, the rights of data subjects vis-à-vis us and how we process personal data, please refer to the relevant sections of this data protection declaration.
10.2 Data protection regulations for the processing on our Twitter-Fan page
We, WifOR GmbH, use a Twitter fan page under the name @WifOR_Institute. In the following we would like to inform you about the processing of your personal data on our Twitter fan page.
- Processing of personal data by Twitter
Twitter is a service provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103 U.S.A.
We would like to point out that you use the services provided by Twitter Inc. and all related functions (e.g. sharing and rating of content) on your own responsibility.
Information about the data processing carried out by Twitter Inc. and the corresponding purposes pursued can be found in the data protection declaration of Twitter Inc.
We have no influence on the type and scope of the data processed by Twitter Inc. or its transfer to third parties. We have no means of control in this regard.
Your data is collected and processed by Twitter Inc. Your personal data is transferred to the United States, Ireland and any other country in which Twitter Inc. does business, regardless of your place of residence.
Data that you have voluntarily submitted to Twitter Inc. will be processed by Twitter Inc. (e.g. name and username, email address, telephone number or the contacts in your address book) if you upload them.
In addition, Twitter Inc. evaluates the content you share. As a result, Twitter Inc. determines the topics and content you are interested in. Furthermore, confidential messages that you send to other users of Twitter are processed. GPS data, wireless network information or your IP address are used to determine your location and to send you content, usually advertising.
The evaluation is carried out with the help of various analysis tools, such as Google Analytics. The use of such analysis tools by Twitter is not subject to our control or influence. If such analysis tools are used by Twitter Inc., we were not informed about the use of such tools. As a result, Twitter Inc. has not been engaged by us to provide support or assistance in the use of such analysis tools. Furthermore, the results of such analysis are not made available to us. Only anonymised information about the response generated by tweets (clicks, likes, etc.) can be viewed by us. The use of analysis tools on our Twitter account cannot be turned off and there are no other ways to prevent such use.
Twitter also receives data from visitors who do not have a Twitter account when they view content on Twitter. This log data includes the IP address, the type of browser used, the operating system, information about the website and pages you have previously visited, location, mobile phone provider, cookies or search terms and the end device used.
Twitter also has the option of recording visits to websites and assigning them to the corresponding Twitter account if so-called Twitter buttons or widgets have been embedded in the respective website.
It is possible for you to restrict the processing of your data by Twitter. To do so, you can open the general settings of your Twitter account and change your privacy settings under “Privacy and Security”.
You can control and individualize your privacy settings here:
- Additional assistance is available for this purpose:
You can also change certain settings for your mobile devices (e.g. smartphones, tablets, etc.) so that Twitter has limited access to your contact data, location data, calendar data or photos, among other things. These setting options differ depending on the operating system used on your mobile device.
For more information and assistance, please visit
10.3 Data protection regulations for the processing on our XING page
We use a XING page. With this data protection policy, we would like to inform you about how your personal data is processed via our XING social media profile (https://www.xing.com/pages/wifor) and who has access to the data you have provided.
As the operator of this social media profile, we are (jointly) the controller within the meaning of data protection law. This means that we must also ensure that your data is processed lawfully on this profile and that you can also exercise your rights regarding your data against us (see Art. 26 GDPR).
Cookies are primarily set in order to be able to display personalized advertising to visitors to XING websites, for example. This is done by displaying ads on our XING profile to the user from XING’s advertising partners whose websites the user has previously visited. In addition, cookies enable statistics to be compiled on the use of a social media profile, so that XING and WifOR can track the use of a social media profile.
The collection of your data through cookies as part of the use of the social media profile is not required by law or contract. Nor is this required for the conclusion of a contract. There is therefore no obligation to transmit your data to XING. However, failure to transmit your data (e.g. by blocking cookies) will mean that we will not be able to offer you our social media profile, or only to a limited extent.
WifOR operates this XING page in order to present itself to XING users and other interested persons who visit this XING page, to present information regarding recruiting among job entry opportunities at WifOR, and to communicate with users. The processing of users’ personal data is based on WifOR’s legitimate interest in an optimized presentation of the company (Art. 6 para. 1 lit. f GDPR).
You may request from WifOR with regard to the personal data concerning you
- Information by means of a copy of the personal data and the associated information,
- Provision of the data in a structured and machine-readable format,
- in case of their inaccuracy, their correction
- in particular, in the event of withdrawal of your consent or completion of its purpose, its erasure, as well as
- in certain cases, the restriction of their processing and
- to object to the use of your data for direct marketing purposes at any time.
XING users can influence the extent to which their user behavior may be recorded when visiting our XING site under the settings for advertising preferences. Further options are provided by the XING settings or the form for the right to object.
The processing of information by means of the cookie used by XING can also be prevented by not allowing cookies from third-party providers or those from XING in your own browser settings.
10.4 Data protection regulations for the processing on our LinkedIn page
We also use a page on the platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We use this page to:
- Present our company and services
- Get and stay in touch with the community and followers
- Inform the community and followers about current developments and events in our research area
- Address questions and concerns from customers and followers
WifOR cannot track which user data LinkedIn collects. Nor does WifOR have full access to the data collected or your profile data. WifOR can only see the public information of your profile. You decide what this information is in your LinkedIn settings.
If our site offers a chat function, WifOR uses your data when using the chat function to answer your inquiry. The service and customer care information collected in this way is used to contact you in order to provide you with the requested information and offers.
WifOR receives anonymous statistics on the use and usage of the Page due to legitimate interest of LinkedIn. The following information is provided:
- Followers: number of people who follow WifOR – including increases and development over a defined time frame.
- Reach: Number of people who see a specific post. Number of interactions on a post. This can be used, for example, to determine which content is better received by the community than others.
- Ad performance: How many people were reached and interacted with a post or paid ad.
WifOR uses these statistics, from which we cannot draw any conclusions about individual users, to constantly improve its online offering on LinkedIn and to better respond to the interests of our community. We cannot link the statistical data with the profile data of our followers. You can decide via your LinkedIn settings in which form targeted advertising is displayed to you.
WifOR receives personal data via LinkedIn if you actively communicate this to us via a personal message on LinkedIn. We use your data (e.g., first name, last name, company and position) to respond to your request. Your data will be stored for this purpose.
The controller is aware of the transfer of your personal data to a third country and has implemented appropriate safeguards in accordance with Art. 46 GDPR to ensure lawful and secure processing of your personal data.
||Objection / opportunity for elimination
Article 6 Para. 1 lit. f GDPR
The use of external scripts and libraries is necessary for the display of content on this website and serves to safeguard these legitimate interests.
The storage period of your personal data is determined in detail by the regulations of the third-party technologies.
Right to object acc. to clause 12.7.
10.6 Use of Fonts.com
This website uses so-called web fonts for the uniform display of fonts, which are provided by Monotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg (“fonts.com”). When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must establish a connection to the servers of fonts.com in the USA, whereby your personal data is also transmitted there. This enables fonts.com to know that our website has been accessed via your IP address.
If your browser does not support web fonts, a standard font is used by your computer.
Due to this transfer of your personal data to the USA, we have concluded – possibly modified – EU standard data protection clauses with Fonts.com to ensure lawful and secure processing of your personal data.
||Objection / opportunity for elimination
Article 6 Para. 1 lit. f GDPR
The purpose and legitimate interest of using Fonts.com is to ensure correct and consistent integration of fonts and texts on our website.
The data will be deleted as soon as our legitimate interest no longer exists, or we are obliged to delete the data due to statutory or legal requirements.
Right to object acc. to clause 12.7.
10.7 Use of Google Tag Manager
Google Tag Manager is a solution that allows us to manage website tags through one interface. The Tag Manager tool itself (which implements the tags) is a cookie-less domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If Google Tag Manager has been deactivated at the domain or cookie level, this deactivation remains in place for all tracking tags implemented with Google Tag Manager. Further information: https://tagmanager.google.com/
10.8 Form for the request of studies
10.8.1 General information
On our website, you can request free studies in PDF format by filling out a corresponding form and providing your personal data. These studies will be sent to you by e-mail after you have provided your data and confirmation. In order for you to receive the studies, we collect the following personal data from you:
- Your e-mail address
- Your first and last name
- Your job title
In the corresponding form you also have the option to register for our newsletter. After a successful registration, you will receive e-mails at regular intervals, e.g. with product information or news. The registration takes place using the so-called double opt-in procedure. For this purpose, we use the following personal data provided by you.
- Your e-mail address
- Your first and last name (for the purpose of addressing you personally)
- In addition, the following data is collected during registration:
- IP address
- Date and time of registration
As part of the registration process, we obtain your consent by using the double opt-in process and reference is made to this Data Protection information.
||Objection / opportunity for elimination
Legal foundation for the processing of the data following the user requesting sending of the newsletter is – when the consent of the user is held – Article 6 Para. 1 lit. a GDPR.
The collection of the e-mail serves to permit the newsletter to be sent.
The collection of other personal data within the framework of the application process serves to prevent misuse of the services or of the e-mail used. The collection of other personal data within the framework of the application process serves to prevent abuse of the services or of the e-mail address used.
The date is deleted as soon as it is no longer necessary for achieving the purpose of their collection. Accordingly, the e-mail address of the user is kept stored for as long as the subscription for the newsletter is active.
The other personal data collected within the framework of the application process is deleted as a rule after a period of seven days.
The subscription for the newsletter can be terminated at any time by the relevant user. For this purpose, there is an appropriate deactivation link in each issue of the newsletter.
Terminating the subscription represents at the same time a revocation of the consent to the storing of personal data collected during the application process.
11 Links to external websites
In addition, we may have links to other websites on our website. It is possible that these websites process your personal data when you visit them. We, WifOR, are not responsible for the data processing on these websites. For more information on the processing of your personal data, please refer to the data protection notices of the respective websites.
12 Your rights
If your personal data is processed, then you are the data subject in the sense of the GDPR and you are entitled to the following rights vis à vis the controller:
12.1 Right of access by the data subject
You can demand from the controller confirmation as to whether personal data, that relates to you, has been processed by ourselves.
If such processing has taken place, you can demand information on the following from the controller:
- The purposes for which the personal data is processed;
- The categories of personal data which are processed;
- The recipients or, as the case may be, the categories of recipients to which the personal data relating to you has been disclosed or will be disclosed;
- The planned duration of the storage of the personal data relating to you or – if concrete statements on this are not possible – the criteria for the laying down of duration of storage;
- The existence of a right to correction or deletion of the personal data relating to yourself, of a right to a restriction of the processing by the controller or of a right of objection to this processing;
- The existence of a right of appeal at a supervisory authority;
- All the available information on the origin of the data if the personal data was not collected at the data subject;
- The existence of an automated decision-finding process including profiling in accordance with Article 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information on the logic involved and its scope and the effects strived for of such a processing for the data subject in question.
You are entitled to the right to demand information on whether the personal data relating to yourself is transmitted to a third country or an international organization. In this connection you can demand to be instructed on the suitable guarantees in accordance with Article 46 GDPR in connection with the transmission.
12.2 Right to rectification
You have a right to correction and/or complementing vis à vis the controller in so far as the personal data as processed and which relates to yourself is incorrect or incomplete. The controller has to carry out the correction without delay.
12.3 Right to restriction of the processing
Subject to the meeting of the following preconditions you can demand restriction of the processing of the personal data relating to you:
- if you dispute the correctness of the personal data relating to yourself for a period which makes it possible for the controller to check the correctness of the personal data;
- the processing is unlawful and you reject deletion of the personal data and instead demand restriction of the use of the personal data;
- the controller no longer needs the personal data for purposes of the processing but you need the data for the advancing, exercising or defending of legal claims, or
- if you have advanced objection to the processing in accordance with Article 21 Para. 1 GDPR but it has not yet been established whether the justified reasons of the controller outweigh your reasons.
If the processing of the personal data relating to yourself has been restricted, then this data – apart from the storing of this – may only be processed with your consent or for the assertion, exercising or defending of legal claims or for the protection of the rights of another natural person or legal entity or for reasons relating to an important public interest of the European Union or of a member state.
If the restriction of the processing has been restricted in accordance with the afore-mentioned preconditions, then you will be informed by the controller before the restriction is removed.
12.4 Right to deletion
12.4.1 Deletion obligation
You can demand of the controller that the personal data relating to yourself is deleted without delay and the controller is then obliged to delete this data without delay in so far as one of the following reasons applies:
- The personal data relating to yourself is no longer required for the purposes for which it was collected or for which it was processed.
- You withdraw your consent, on which processing in accordance with Article 6 Para. 1 lit. a or Article 9 Para.2 lit. a GDPR was based, and there is no other legal basis for the processing.
- You submit an objection to the processing in accordance with Article 21 Para. 1 GDPR and there are no justified reasons for the processing with a higher priority, or you submit an objection to the processing in accordance with Article 21 Para. 2 GDPR.
- The personal data relating to you was processed in an unlawful manner.
- The deletion of the personal data relating to you is required to fulfil a legal obligation in accordance with European Union law or the law of the member states, which laws the controller is subject to.
- The personal data relating to you was collected in relation to services offered by the information company in accordance with Article 8 Para. 1 GDPR.
12.4.2 Information to third parties
If the controller has made the personal data relating to you public and if he/she is obliged to delete this data in accordance with Article 17 Para. 1 GDPR, then he/she shall take reasonable measures including ones of a technical nature – whereby account shall be taken of the available technology and the implementation costs – to inform the responsible parties for the data processing which process the personal data that you as data subject have demanded from them the deletion of all links to this personal data or of copies or replicates of these.
The right to deletion does not exist in so far as the processing is necessary for
- the exercising of the right of free expression of opinion and to information;
- for the fulfilment of a legal obligation, which requires the processing in accordance with the law of the European Union or the law of the member states, which laws the controller is subject to, or for the carrying out of a task, which lies in the public interest or which is carried out in the exercising of public authority, which authority was transferred to the controller;
- for reasons of public interest in the field of public health in accordance with Article 9 Para. 2 lit. h and i as well as Article 9 Para. 3 GDPR;
- for archiving purposes, scientific or historical research purposes lying in the public interest or for statistical purposes in accordance with Article 89 Para. 1 GDPR, in so far as the right named in section a) probably makes the reaching of the objectives of the processing impossible or impairs it seriously, or
- for the advancing, exercising or defending of legal claims.
Moreover, the right to deletion does not exist in so far as the personal data has to be stored by the controller in order to fulfill legal duties to preserve records and legal retention periods. In such a case instead of deletion blockage of the personal data applies.
12.5 Right to information
If you have advanced the right to the correcting, deleting or restricting of the processing vis à vis the controller, then the latter is obliged to inform all recipients, to which the personal data relating to you was disclosed, of this correction or deletion of the data or of the restricting of the processing, unless this proves itself to be impossible or linked with unreasonable expenditure.
You are entitled to the right vis à vis the controller to be informed about these recipients.
12.6 Right to data portability
You have the right to receive the personal data relating to you, which you made available to the controller, in a structured, conventional and machine-readable format. In addition, you have the right to transmit this data to another controller without hindrance by the controller to whom the personal data was made available, in so far as
- the processing is based on a consent in accordance with Article 6 Para. 1 lit. a GDPR or Article 9 Para. 2 lit. a GDPR or on a contract in accordance with Article 6 Para. 1 lit. b GDPR and
- the processing is carried out with the aid of automated processes.
In exercising this right, you have in addition the right to bring about the situation that the personal data relating to you is transferred directly from one controller to another controller in so far as this is technically possible. The freedoms and rights of other persons may not be impaired thereby.
The right to data portability does not hold good for the processing of personal data, which is necessary for the carrying out of a task, which lies in the public interest or in the exercising of public authority and which task was transferred to the controller.
12.7 Right to object
For reasons which result from your particular situation you have the right to advance at any time objection to the processing of the personal data relating to you, which processing is carried out on the basis of Article 6 Para. 1 lit. e or f GDPR; this right also holds good for profiling based on these provisions.
The controller shall then no longer process the personal data relating to you, unless he/she can demonstrate compelling reasons worthy of protection, which reasons overweigh your interests, rights and freedoms or where the processing serves the advancing, exercising or defending of legal claims.
If the personal data relating to you is processed for the carrying out of direct advertising, then you have the right to advance at any time objection to the processing of the personal data relating to you for purposes of such advertising; this holds good too for profiling in so far as this is carried out in connection with such direct advertising.
If you object to the processing for purposes of direct advertising, then the personal data relating to you will no longer be processed for these purposes.
You have the opportunity – in connection with the use of services of the information company and regardless of directive 2002/58/EC – to exercise your right of objection with the aid of automated processes in which technical specifications are used.
12.8 Right to withdraw from the declaration of consent under data protection law
You have the right to withdraw your consent at any time and without giving reasons. In the event of withdrawal we immediately will delete your personal data and no longer process it. The legality of the processing carried out on the basis of your given consent and carried out prior to your withdrawal is not affected by you withdrawal.
12.9 Automated decision-making in individual cases including profiling
You have the right to not subject yourself to a decision based solely on an automated processing process – including profiling – which unfolds a legal effect vis à vis yourself or which impairs you significantly in a similar way. This does not hold good if the decision
- is necessary for the concluding or fulfilment of a contract between you and the controller,
- is permissible on the basis of legal regulations of the European Union or of its member states, which the controller is subject to, and these regulations contain reasonable measures for the maintenance of your rights and freedoms as well as for your legitimate interests or
- is carried out with your explicit consent.
However, these decisions may not be based on particular categories of personal data in accordance with Article 9 Para. 1 GDPR, in so far as Article 9 Para. 2 lit. a or g does not hold good and reasonable measures have been taken for the protection of the rights and freedoms as well as of your legitimate interests.
In respect of the cases named in (1) and (3) above the controller shall take reasonable measures to ensure the rights and freedoms as well as your legitimate interests, whereby belonging thereto is at the least the right to the affecting of the intervention of a person on the side of the controller for the representation of the controller’s standpoint and to the challenging of the decision.
12.10 Right to complain with a supervisory authority
Regardless of another regulatory or judicial remedy, you are entitled to the right to lodge a complaint with a supervisory authority and here in particular at a supervisory authority in the member state of your place of residence, of your place of work or of the place where the suspected infringement took place when you are of the opinion that the processing of the personal data relating to you infringes the GDPR.
In this situation the supervisory authority, at which the complaint was lodged, shall inform the complainant on the status and the results of the complaint including the possibility of a judicial remedy in accordance with Article 78 GDPR.
Controller: WifOR GmbH