The importance of compliance.

Thank you for visiting our website We attach considerable importance to the protection of your personal data and we want you to feel safe when visiting our website. We protect your privacy and your personal data. We process your personal data in accordance with the content of this privacy policy, the data protection regulations that apply to us in specific countries and the General Data Protection Regulation (GDPR). 


Privacy policy

The following provides an overview of which information we collect when you visit our web pages and how it is used:

1. Name and address of the controller
The Wista® Group
Buchhäckerring 27
74906 Bad Rappenau

As operator of the website, we are the controller in the meaning of the GDPR and other data protection regulations that apply in specific countries.

2. Data protection officer
You can contact our data protection officer at at any time to address any issues relating to data protection.

3. Personal data
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Information concerning your use of our website is also classified as personal data. In this regard, we collect personal data from you as follows: Information concerning your visits to our website, for instance the volume of data transferred, the location from which you access data from our website and other connection data, as well as files and other content you access. Log files and cookies are generally used for this purpose. You will find additional information on log files and cookies later on in this privacy policy.
Purpose of use and relevant personal data
The extent and nature of data collection, processing and use depends on whether you visit our website merely to access generally available information or to use additional services.

a) Informational use
As a rule, it is not necessary for you to provide us with personal data if you use our website for exclusively informational purposes. In this case, we only collect data that your Internet browser automatically transfers to us when accessing our web pages, for instance

  • the IP address of your device
  • the data and time of page retrieval
  • your browser type, version and a few browser settings
  • your operating system (Windows, iOS, Linux etc.)
  • the volume of data transferred and the data transfer status
  • the website from which you accessed our page
  • other similar data and information that is used to mitigate threats in the case of attacks on our information technology systems.

The IP address of your device is only stored in log files for the duration of your use of the website and is then deleted immediately or truncated for the purpose of anonymisation. The other data is stored for a limited period. We use this data for the operation of our website, in particular to identify and correct website errors, to determine website load and to make adjustments or improvements.

b) Use in the event that additional services are accessed
It may be necessary for you to provide additional personal data if you wish to use other services by our company. Each dialogue box will state which personal data you must provide so that we can perform the requested service. You may submit additional information voluntarily. Compulsory information is marked with an asterisk (*), while voluntary information is not. Your data is processed exclusively for the purpose of performing the service requested by you.

4. Forms
Personal data that you enter in a form on our website will be used to contact you and send the information and answers you requested. As a company, our employees all depend on sharing information as equally as possible. This is why we transfer customer data to our permanent establishments, branch offices, distributors and suppliers of trade products whenever it is necessary in individual cases. We do not transfer personal data under other circumstances.

5. Newsletter
If you wish to subscribe to our newsletter, we require your email address, as well as confirmation that you are the rightful owner of the email address and consent to receipt of the newsletter. This data is only collected for the purpose of being able to send you the newsletter and to document our authorisation to do so. The data is not transferred to third parties. You may cancel your subscription to our newsletter at any time, with effect for the future.
The following data is also collected during the registration process:

  • IP address of the accessing device
  • date and time of registration


6. Cookies and web analytics tools
a) Use of cookies
We use cookies to track visitor preferences and to optimise the design of our web pages. Cookies are small text files that are placed on your computer when you visit our website. You can delete cookies at any time you wish. Bear in mind, however, that you may not be able to use all functions if you do so. Go to the Help tab of your browser to learn how to delete cookies.

b) Use of Google Universal Analytics
This website uses Google Universal Analytics, a web analytics service provided by Google Inc., Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). Google Universal Analytics also uses cookies, which are text files placed on your computer to help the website analyse your use of this website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the United States and stored there. However, if IP anonymisation is activated on this website, your IP address will first be truncated by Google in member states of the European Union or in other member states of the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the United States and truncated there. 
Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity and to provide us with additional services related to website and Internet use. The IP address transferred by your browser within Google Universal Analytics will not be associated with other Google data. You may refuse the use of cookies by selecting the appropriate settings on your browser. Bear in mind, however, that you may not be able to use all functions of this website if you do so. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in that is available at the following link ( For more information in this regard, visit and (general information about Google Analytics and data protection). Please note that the code “gat._anonymizeIp();” has been added to Google Universal Analytics on this website in order to guarantee anonymised collection of IP addresses (IP masking).

c) Google Maps
This website uses Google Maps, a Google map service used to show an interactive map. By accessing Google Maps, information generated about your use of this website (including your IP address) may be transferred to a Google server in the USA and stored there. Google may transfer the information obtained to third parties for compliance with a legal obligation or if third parties process this data on behalf of Google. Your Internet browser does not establish a connection to the Google servers until you actively click on the interactive map. For more information on how Google processes data, visit:

8. Our social media presence/data processing by social networks
We have public profiles on social networks. You will find a list of the social networks we use later on in this privacy policy. Social networks such as Facebook etc. can usually perform a comprehensive analysis of your user behaviour when you visit their website or a website with integrated social media content (e.g. “Like” buttons or advertising banners). A large number of processing activities with relevance to data protection are triggered by visiting our social media presence. They are: If you are logged in to your social media account and visit our social media presence, the operator of the social media platform can assign this visit to your user account. Under certain circumstances, your personal data may also be collected even if you are not logged in or do not have an account with the individual social media platform. In this case, the data is collected by cookies that are stored on your device, by recording your IP address or by other means. Operators of the social media platforms can use the collected data to create user profiles containing your preferences and interests. This enables the display of interest-based advertising inside and outside the individual social media presence. If you have an account with the individual social network, this interest-based advertising can be shown on all devices on which you are or have been logged in. Bear in mind also that we are not always aware which processing operations are being performed on the social media platforms. Depending on the provider, the operators of the social media platforms may therefore carry out additional processing. For detailed information in this regard, refer to the privacy policies for the individual social media platforms..

Legal basis
Our social media accounts are intended to maintain an informational presence on the Internet. This is a legitimate interest in the meaning of Art. 6 paragraph 1 point f GDPR. The social networks may use a variety of legal bases for their analytical processes, but the operators of the social networks must specify which basis applies in each case (e.g. consent within the meaning of Art. 6 paragraph 1 point a GDPR).

Controller and exercise of rights
If you visit our social media presences (e.g. Facebook), in addition to the operator of the social media platform we are joint controllers of all data processing operations triggered by your visit. You may exercise your rights (information, rectification, erasure, restriction of processing, data portability and lodging a complaint) in every case towards us and towards the operator of the individual social media platform (e.g. Facebook). Bear in mind that despite our position as joint controllers with the operators of the social media platforms, we do not have complete control over the data processing performed by the social media platforms. Our options are largely determined by the individual provider’s corporate policies.

Duration of storage
The data we collect directly on the social media presence is erased from our systems as soon as the purpose of its storage no longer applies, you request its erasure, withdraw your consent to its storage or the purpose of data storage no longer applies. Stored cookies remain on your device until they are deleted by you. Compulsory legal obligations – especially storage periods – are unaffected. We are unable to influence the period for which the operators of the social networks store your data for their own purposes. For more details, please seek information directly from the operators of the social networks (e.g. in their privacy policies, see below).

Individual social medi

We have a profile on Facebook. It is operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. You can adjust the advertising settings in your user account yourself. To do this, select the following link and then sign in: For more information, visit the Facebook privacy policy at:

Instagram functions are integrated in our pages. These functions are operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. At present, you must assume that by doing so, a direct connection to the provider’s services will be established and that at least your IP address and device information will be collected and used. It is also possible that an attempt will be made to place cookies on your device.
For more information, visit the Instagram privacy policy at:

Videos by the provider YouTube are integrated on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. YouTube uses cookies to collect data and compile statistics. These statistics enable YouTube to evaluate how often a video was watched, whether it was watched on YouTube or, if not, in which website it was embedded.
We only use embedded YouTube videos in privacy-enhanced mode in order to protect your privacy. This means that YouTube will not place cookies on the device of a user who views a website with an embedded YouTube video, but does not select playback on the video. If the video is played, YouTube can place cookies on the user’s device, although personal information is not stored by selecting playback on embedded videos. For more information on data protection by YouTube (Google), visit

Our website used plug-ins by the video platform Vimeo. It is operated by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
A connection is established to the Vimeo servers if you visit one of our pages with an integrated Vimeo plug-in. The Vimeo server will be notified of which page on our website you visited. Vimeo will also obtain your IP address. This also applies if you are not logged into your Vimeo account or do not have an account with Vimeo. The information collected by Vimeo is transferred to the Vimeo server in the United States.
If you are logged into your Vimeo account, Vimeo will be able to assign your Internet usage to your personal profile. You can prevent this by logging out of your Vimeo account.
For more information about the management of user data, visit the Vimeo privacy policy at:

9. Blog 
Comments and contributions 
If users leave comments or other contributions, their IP addresses may be stored for seven days on grounds of our legitimate interests within the meaning of Art. 6 para. 1 point f GDPR. This takes place for security reasons, in case a person posts unlawful content in comments or contributions (insults, prohibited political propaganda etc.) In this case, we may be prosecuted for the comment or contribution and are therefore interested in the identity of the author. 
We also reserve the right, based on our legitimate interests pursuant to Art. 6 para 1 point f GDPR, to process user information for the detection of spam. 
When conducting surveys, we reserve the right, on the same legal basis, to store the IP addresses of users for the duration of the survey and to use cookies to avoid multiple votes. 
Until such time as the user objects, we will permanently store the personal information disclosed in the comments and contributions, as well as any contact and website information and content. 

Subscriptions to comment feeds  
Users may subscribe to a feed for subsequent comments by providing consent according to Art. 6 para 1 point a GDPR. Users will receive a confirmation email to verify that they are the owner of the email address they provided. Users can cancel their subscriptions to comment feeds at any time. The confirmation email will contain information on the unsubscribe options. For the purpose of proving user consent, we store the time of registration together with the users’ IP address and delete this information when users unsubscribe. 
You may cancel the receipt of our subscription at any time, meaning withdraw your consent. Prior to deletion, we are authorised to store the registered email addresses for up to three years based on our legitimate interest, as proof that consent was provided. Processing of this data will be restricted to the defence of any claims. Users may request deletion at any time, provided they simultaneously confirm their original consent. 

Making contact 
When users make contact with us (e.g. using the contact form, by email, telephone or via social media), their details will be processed in order to deal with and respond to their enquiries. The legal basis for this is Art. 6 para 1 point b (for measures undertaken prior to entering into a contract), Art. 6 para 1 point f (other enquiries) GDPR. The user details may be stored in a Customer Relationship Management system (CRM system) or a similar system for organising enquiries. 
We delete the enquiries as soon as they are no longer necessary. We review this necessity every two years; the statutory archiving requirements apply additionally. 

10. No transfer of your personal data
We do not transfer your personal data to third parties, unless you have consented to the transfer of data or we are authorised or obliged to transfer data due to legal regulations and/or official or court orders. This may refer in particular to the disclosure of information for the purposes of law enforcement, risk mitigation or the exercise of intellectual property rights.

11. Data security
All information that you transfer to us is stored on servers within the European Union. We implement technical and organisational measures to protect our website and other systems from loss, destruction, access, modification or dissemination of your data by unauthorised persons. In particular, we use encryption technology to transfer your personal data. For this purpose, we use the TLS 1.2 cryptographic protocol (Transport Layer Security).

12. Your rights
You have the right

  • to obtain from us at no cost information concerning the personal data that we have stored about you (right to information)
  • to obtain from us confirmation of whether we process personal data concerning you (right to confirmation)
  • to obtain from us without undue delay erasure of the personal data concerning you, provided 
  • its processing is no longer necessary and the other conditions of the GDPR for erasure have been satisfied (right to erasure) 
  • to obtain from us immediate rectification and completion of inaccurate personal data concerning you (right to rectification)
  • to obtain from us restriction of processing of your personal data (right to restriction of processing)
  • to obtain from us the personal data concerning you in a structured, common and machine-readable format (right to data portability)
  • to object to the processing of your personal data (right to object)
  • You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or affects you in a similarly significantly way (right to individual decision-making).


Furthermore, you have the right to withdraw your consent to the processing of your personal data at any time with effect for the future.
Please contact our data protection officer for additional information concerning your rights.

13. Erasure and blockage of your personal data once its purpose is fulfilled
We process and store personal data only for as long as is necessary for the fulfilment of its purpose, and for no longer than until the end of the statutory retention and storage periods. Upon fulfilment of the purpose and expiry of the statutory retention and storage periods, the personal data will be erased or blocked in accordance with data protection regulations.

14. Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR. 
Pursuant to Art. 56 GDPR, the competent supervisory authority for data protection in the event of complaints is:
The Commissioner for Data Protection and Freedom of Information in the State of Baden-Württemberg, Dr Stefan Brink

Postal address:
Postfach 10 29 32
70025 Stuttgart 
Phone: +49 711 615541-0
Fax: +49 711 615541-15
Information for customers and suppliers pursuant to Art. 13/ Art. 14 GDPR


Compulsory information for customers and suppliers