The following provides an overview of which information we collect when you visit our web pages and how it is used:
1. Name and address of the controller
The Wista® Group
74906 Bad Rappenau
As operator of the website www.wista.com, we are the controller in the meaning of the GDPR and other data protection regulations that apply in specific countries.
2. Data protection officer
You can contact our data protection officer at firstname.lastname@example.org at any time to address any issues relating to data protection.
3. Personal data
Personal data means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Purpose of use and relevant personal data
The extent and nature of data collection, processing and use depends on whether you visit our website merely to access generally available information or to use additional services.
a) Informational use
As a rule, it is not necessary for you to provide us with personal data if you use our website for exclusively informational purposes. In this case, we only collect data that your Internet browser automatically transfers to us when accessing our web pages, for instance
- the IP address of your device
- the data and time of page retrieval
- your browser type, version and a few browser settings
- your operating system (Windows, iOS, Linux etc.)
- the volume of data transferred and the data transfer status
- the website from which you accessed our page
- other similar data and information that is used to mitigate threats in the case of attacks on our information technology systems.
The IP address of your device is only stored in log files for the duration of your use of the website and is then deleted immediately or truncated for the purpose of anonymisation. The other data is stored for a limited period. We use this data for the operation of our website, in particular to identify and correct website errors, to determine website load and to make adjustments or improvements.
b) Use in the event that additional services are accessed
It may be necessary for you to provide additional personal data if you wish to use other services by our company. Each dialogue box will state which personal data you must provide so that we can perform the requested service. You may submit additional information voluntarily. Compulsory information is marked with an asterisk (*), while voluntary information is not. Your data is processed exclusively for the purpose of performing the service requested by you.
Personal data that you enter in a form on our website will be used to contact you and send the information and answers you requested. As a company, our employees all depend on sharing information as equally as possible. This is why we transfer customer data to our permanent establishments, branch offices, distributors and suppliers of trade products whenever it is necessary in individual cases. We do not transfer personal data under other circumstances.
If you wish to subscribe to our newsletter, we require your email address, as well as confirmation that you are the rightful owner of the email address and consent to receipt of the newsletter. This data is only collected for the purpose of being able to send you the newsletter and to document our authorisation to do so. The data is not transferred to third parties. You may cancel your subscription to our newsletter at any time, with effect for the future.
The following data is also collected during the registration process:
- IP address of the accessing device
- date and time of registration
6. Cookies and web analytics tools
b) Use of Google Universal Analytics
c) Google Maps
This website uses Google Maps, a Google map service used to show an interactive map. By accessing Google Maps, information generated about your use of this website (including your IP address) may be transferred to a Google server in the USA and stored there. Google may transfer the information obtained to third parties for compliance with a legal obligation or if third parties process this data on behalf of Google. Your Internet browser does not establish a connection to the Google servers until you actively click on the interactive map. For more information on how Google processes data, visit: https://www.google.com/policies/privacy/
8. Our social media presence/data processing by social networks
Our social media accounts are intended to maintain an informational presence on the Internet. This is a legitimate interest in the meaning of Art. 6 paragraph 1 point f GDPR. The social networks may use a variety of legal bases for their analytical processes, but the operators of the social networks must specify which basis applies in each case (e.g. consent within the meaning of Art. 6 paragraph 1 point a GDPR).
Controller and exercise of rights
If you visit our social media presences (e.g. Facebook), in addition to the operator of the social media platform we are joint controllers of all data processing operations triggered by your visit. You may exercise your rights (information, rectification, erasure, restriction of processing, data portability and lodging a complaint) in every case towards us and towards the operator of the individual social media platform (e.g. Facebook). Bear in mind that despite our position as joint controllers with the operators of the social media platforms, we do not have complete control over the data processing performed by the social media platforms. Our options are largely determined by the individual provider’s corporate policies.
Duration of storage
The data we collect directly on the social media presence is erased from our systems as soon as the purpose of its storage no longer applies, you request its erasure, withdraw your consent to its storage or the purpose of data storage no longer applies. Stored cookies remain on your device until they are deleted by you. Compulsory legal obligations – especially storage periods – are unaffected. We are unable to influence the period for which the operators of the social networks store your data for their own purposes. For more details, please seek information directly from the operators of the social networks (e.g. in their privacy policies, see below).
Individual social medi
Instagram functions are integrated in our pages. These functions are operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. If you are logged in to your Instagram account, you can link the contents of our pages to your Instagram profile by clicking on the Instagram button. At present, you must assume that by doing so, a direct connection to the provider’s services will be established and that at least your IP address and device information will be collected and used. It is also possible that an attempt will be made to place cookies on your device.
We only use embedded YouTube videos in privacy-enhanced mode in order to protect your privacy. This means that YouTube will not place cookies on the device of a user who views a website with an embedded YouTube video, but does not select playback on the video. If the video is played, YouTube can place cookies on the user’s device, although personal information is not stored by selecting playback on embedded videos. For more information on data protection by YouTube (Google), visit www.google.de/intl/de/policies/privacy
Our website used plug-ins by the video platform Vimeo. It is operated by Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA.
A connection is established to the Vimeo servers if you visit one of our pages with an integrated Vimeo plug-in. The Vimeo server will be notified of which page on our website you visited. Vimeo will also obtain your IP address. This also applies if you are not logged into your Vimeo account or do not have an account with Vimeo. The information collected by Vimeo is transferred to the Vimeo server in the United States.
If you are logged into your Vimeo account, Vimeo will be able to assign your Internet usage to your personal profile. You can prevent this by logging out of your Vimeo account.
Comments and contributions
If users leave comments or other contributions, their IP addresses may be stored for seven days on grounds of our legitimate interests within the meaning of Art. 6 para. 1 point f GDPR. This takes place for security reasons, in case a person posts unlawful content in comments or contributions (insults, prohibited political propaganda etc.) In this case, we may be prosecuted for the comment or contribution and are therefore interested in the identity of the author.
We also reserve the right, based on our legitimate interests pursuant to Art. 6 para 1 point f GDPR, to process user information for the detection of spam.
Until such time as the user objects, we will permanently store the personal information disclosed in the comments and contributions, as well as any contact and website information and content.
Subscriptions to comment feeds
Users may subscribe to a feed for subsequent comments by providing consent according to Art. 6 para 1 point a GDPR. Users will receive a confirmation email to verify that they are the owner of the email address they provided. Users can cancel their subscriptions to comment feeds at any time. The confirmation email will contain information on the unsubscribe options. For the purpose of proving user consent, we store the time of registration together with the users’ IP address and delete this information when users unsubscribe.
You may cancel the receipt of our subscription at any time, meaning withdraw your consent. Prior to deletion, we are authorised to store the registered email addresses for up to three years based on our legitimate interest, as proof that consent was provided. Processing of this data will be restricted to the defence of any claims. Users may request deletion at any time, provided they simultaneously confirm their original consent.
When users make contact with us (e.g. using the contact form, by email, telephone or via social media), their details will be processed in order to deal with and respond to their enquiries. The legal basis for this is Art. 6 para 1 point b (for measures undertaken prior to entering into a contract), Art. 6 para 1 point f (other enquiries) GDPR. The user details may be stored in a Customer Relationship Management system (CRM system) or a similar system for organising enquiries.
We delete the enquiries as soon as they are no longer necessary. We review this necessity every two years; the statutory archiving requirements apply additionally.
10. No transfer of your personal data
We do not transfer your personal data to third parties, unless you have consented to the transfer of data or we are authorised or obliged to transfer data due to legal regulations and/or official or court orders. This may refer in particular to the disclosure of information for the purposes of law enforcement, risk mitigation or the exercise of intellectual property rights.
11. Data security
All information that you transfer to us is stored on servers within the European Union. We implement technical and organisational measures to protect our website and other systems from loss, destruction, access, modification or dissemination of your data by unauthorised persons. In particular, we use encryption technology to transfer your personal data. For this purpose, we use the TLS 1.2 cryptographic protocol (Transport Layer Security).
12. Your rights
You have the right
- to obtain from us at no cost information concerning the personal data that we have stored about you (right to information)
- to obtain from us confirmation of whether we process personal data concerning you (right to confirmation)
- to obtain from us without undue delay erasure of the personal data concerning you, provided
- its processing is no longer necessary and the other conditions of the GDPR for erasure have been satisfied (right to erasure)
- to obtain from us immediate rectification and completion of inaccurate personal data concerning you (right to rectification)
- to obtain from us restriction of processing of your personal data (right to restriction of processing)
- to obtain from us the personal data concerning you in a structured, common and machine-readable format (right to data portability)
- to object to the processing of your personal data (right to object)
- You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or affects you in a similarly significantly way (right to individual decision-making).
Furthermore, you have the right to withdraw your consent to the processing of your personal data at any time with effect for the future.
Please contact our data protection officer for additional information concerning your rights.
13. Erasure and blockage of your personal data once its purpose is fulfilled
We process and store personal data only for as long as is necessary for the fulfilment of its purpose, and for no longer than until the end of the statutory retention and storage periods. Upon fulfilment of the purpose and expiry of the statutory retention and storage periods, the personal data will be erased or blocked in accordance with data protection regulations.
14. Right to lodge a complaint
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
Pursuant to Art. 56 GDPR, the competent supervisory authority for data protection in the event of complaints is:
The Commissioner for Data Protection and Freedom of Information in the State of Baden-Württemberg, Dr Stefan Brink
Postfach 10 29 32
Phone: +49 711 615541-0
Fax: +49 711 615541-15
Information for customers and suppliers pursuant to Art. 13/ Art. 14 GDPR