Data Privacy Statement

I. Name and address of the provider

The provider within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States and other provisions under data protection law is:

WÖHR Autoparksysteme GmbH
Ölgrabenstr. 14
71292 Friolzheim
Germany

+49 7044 46 0
info@woehr.de
www.woehr.de


II. Name and address of the data protection officer

The controller's data protection officer:
 
Matthias Reichert
WÖHR Autoparksysteme GmbH
 
 

III. General information on processing activities

1. Scale of processing of personal data

We generally only collect and use personal data of our users if this is necessary to provide a functional website or our contents and services. Collection and use of personal data of our users shall usually only take place with the user's consent. An exemption shall apply in such cases where prior consent cannot be acquired for factual reasons and where processing of the data is permitted by the law.

(Personal data are any data that permit a conclusion as to you personally, e.g. your name, address, email addresses, user behaviour.)

When you contact us by email or through a contact form, the complete data disclosed by you (your email address, name and possibly your phone number) will be saved by us in order to answer your questions. We will erase the data arising in this context after storage is no longer necessary, or we shall restrict processing if there are any legal archiving obligations.

2. Legal basis relating to processing of personal data

As far as we acquire the consent of the data subject for processing of personal data, point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

For legal processing of personal that is necessary to perform a contract of which the data subject is a party, point (b) of Article 6(1) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

As far as processing of personal data is necessary to perform a legal obligation that our company is subject to point (c) of Article 6(1) GDPR serves as the legal basis.

If any vital interests of the data subject or any other natural person requires processing of personal data, point (d) of Article 6(1) GDPR serves as the legal basis.

If processing is necessary to maintain a legitimate interest of our company or a third party and if the interests, fundamental rights and fundamental freedoms of the data subject do not override the former interest, point (f) of Article 6(1) GDPR serves as the legal basis for processing.

3. Data erasure and duration of storage

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may furthermore take place when this is intended by the European or national legislator in regulations under Union law, laws or other rules that the controller is subject to. Blocking or erasure of the data shall also take place if a storage period necessary according to the standards named expires, except if further storage of the data is required for conclusion of a contract or performance of a contract.

Note: Our employees are trained in data protection and committed to secrecy in order to ensure secure processing of your data. Furthermore, awareness of our employees about data protection subjects is regularly enhanced.


IV. Provision of the website and compilation of log files

1. Description and scale of processing activities

Every time you call our website, our system will automatically record data and information from the computer system of the calling computer.

The following data will be collected in the course of this:

  • Information concerning the browser type and the version used
  • The user's operating system
  • The user's internet service provider
  • The user's internet protocol address
  • Date and time of the access
  • Websites from which the user's system reaches our website
  • Websites that are called up by the user's system via our website

The data are also stored in our system's log files. These data will not be stored together with any other personal data concerning the user.

2. Legal basis for processing activities

The legal basis for temporary storage of the data and log files is point (f) of Article 6(1) GDPR.

3. Purpose of processing activities

The temporary storage of the internet protocol address by the system was necessary in order to make it possible to send the website to the user's computer. For this, the user's internet protocol address must remain stored for the duration of the session.

Storage in log files shall take place in order to ensure the function of the website. We also use the data for optimisation of the website and to ensure the security of our information-technical systems. The data are not evaluated for marketing purposes in this context.

These purposes also reflect our legitimate interest in the processing activities in accordance with point (f) of Article 6(1) GDPR.,

4. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose of their collection. If data are recorded for provision of the website, this is the case when the respective session is ended.

If your data are stored in log files, this will be the case at the latest after seven days. Storage beyond this will be possible. In such a case, the internet protocol addresses of the users will be deleted or changed so that it can no longer be assigned to the calling client.

5. Right to object and removal option

Collection of the data for provision of the website and recording of the data in log files is mandatory for operation of the website. Accordingly, the user cannot object to this.


V. Use of cookies

a) Description and scale of processng activities

Our website uses cookies. Cookies are text files that are stored in the web browser or on the user's computer system by the web browser. If a user calls up a website, a cookie can be stored on the user's operating system. This cookie contains a characteristic character sequence that permits unique identification of the browser when calling up the website again.

We use cookies in order to make our website more user-friendly. Some elements of our website require identification of the calling browser even after a page change.

The cookies store and transmit the following data and information:

  1. PHP Session
  2. Google Analytics

In addition to this, we use cookies on our website that permit analysis of the users' surfing behaviour.

This way, the following data can be transmitted:

  1. Search terms entered
  2. Frequency of page calls
  3. Use of website functions

The user data collected in this manner will be pseudonymised by technical precautions. Therefore, assignment of the data to the calling user is no longer possible. The data are not stored together with any other personal data of the user.

When calling up our website, users will be informed about use of cookies for analysis purposes in a banner and referred to this data protection statement. In this context, they will also be informed how the storage of cookies can be prevented in the browser settings.

b) Legal basis for processing activities

The legal basis for processing of personal data using technically necessary cookies is point (f) of Article 6(1) GDPR.

The legal basis for processing of personal data using cookies for analysis purposes is point (a) of Article 6(1) GDPR if the user has consented to this.

c) Purpose of processing activities

The purpose of using technically necessary cookies is simplifying use of websites for the users. Some functions of our website cannot be offered without using cookies. For this, the browser must be recognised after a page change as well.

We need cookies for the following applications:

  1. PHP Sessions
  2. Google Analytics

The user data collected by the technically necessary cookies are not used to compile user profiles.

Analysis cookies are used in order to improve the quality of our website and its contents. The analysis cookies will tell us how the website is used and enable us to continually optimise our offer.

These purposes also reflect our legitimate interest in processing the personal data in accordance with point (f) of Article 6(1) GDPR.

d) Duration of storage,objection and removal option

Cookies are stored on the user's computer and transmitted to our page by it. Therefore, you as the user also have the full control of use of cookies. By changing the settings in your web browser, you can deactivate or restrict transmission of cookies. Already-stored cookies can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may not be possible to use all functions of the website in full.


VI. Contact form and email contact

1. Description and scale of processing activities

Our websites have a contact form that can be used for electronic contact. If a user uses this option, the data entered into the input screen will be transmitted to us and stored.

These data are: Name, email, possible phone number and optional information such as company name, function, address

At the time of dispatch of the message, the following data will be stored as well:

  1. The user's internet protocol address
  2. Date and time of the registration

Your consent to processing of the data is collected within the context of sending and this data protection statement is referred to.

Alternatively, contact via the provided email address is possible. In such a case, the user's personal data transmitted in the email will be stored.

2. Transfer of personal data to sales partnerse in and outside of the country

We may transmit your data from the contact form to other sales partners in and outside of the country. This data transmission shall take place according to point (f) of Article 6(1) GDPR in order to connect our customers to the right partner. For a list of all our partner companies, see: https://www.woehr.de/en/sales-network.html

3. Legal basis for processing activities

The legal basis for processing of the data is the presence of the user's consent in accordance with point (a) of Article 6(1) GDPR.

The legal basis for processing of the data transmitted in the scope of transmission of an email is also point (f) of Article 6(1) GDPR. If the email contact is targeted at conclusion of a contract, point (b) of Article 6(1) GDPR shall be an additional legal basis for processing.

4. Purpose of processing activities

Processing of the personal data from the input screen serves only to process your contact. In case of contact by email, this is also the necessary legitimate interest in processing of the data.

The other personal data processed while sending serves to prevent abuse of the contact form and to ensure the security of our information-technical systems.

5. Duration of storage

The data are deleted as soon as they are no longer necessary to achieve the purpose of their collection. This is the case for the personal data from the input screen of the contact form and those transmitted by email when the respective conversation with the user has ended. The conversation is ended when the circumstances show that the corresponding matter has been finally completed.

The personal data collected additionally when sending will be deleted at the latest after a period of seven days.

6. Right to object and removal option

The user has the option at any time to withdraw his or her consent to processing of the personal data. If the user contacts us by email, he or she may object to storage of his or her personal data at any time. In this case, the conversation cannot be continued.

Any personal data stored in the scope of the contact will be deleted in such a case.


VII. Web analysis by Google Analytics (anonymisation function)

The controller for processing has integrated component Google Analytics (with anonymisation function) on this website. Google Analytics is a web analysis service. Web analysis means the collection, aggregation and evaluation of data concerning the behaviour of visitors on websites. A web analysis service collects, inter alia, data regarding from which website a data subject came to a website (referrers), which sub-pages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is used mostly to optimise a website and for cost-benefits analysis of internet advertising.

The operator company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The data controller uses the web analysis of Google Analytics with the addition "_gat._anonymizeIp". By this addition, the internet protocol address of the internet connection of the data subject will be abbreviated and anonymised by Google when the access to our websites comes from a member state of the European Union or another contracting state of the convention on the European economic area.

The purpose of the Google Analytics component is analysis of the visitor flows on our website. Google uses the data and information gained, inter alia, to evaluate use of our website, in order to compile online reports for us that indicate the activities on our websites and in order to render further services connected to use of our website.

Google Analytics places a cookie on the information-technology system of the data subject. It has already been explained above what cookies are. By placing the cookie, Google can analyse use of our websites. Every time one of the individual pages of this website that is operated by the data controller on which a Google Analytics component has been integrated is called up, the web browser on the information-technology system of the data subject will be automatically caused to transmit data for the purpose of online analysis to Google by the respective Google Analytics component. Within the context of this technical procedure, Google will obtain knowledge of personal data, such as the internet protocol address of the data subject, which serve, inter alia, to enable Google to track the origin of visitors and their clicks, and to permit subsequent settlements of commission fees.

The cookie is used to store personal data, such as the access time, place from which an access took place and frequency of visits to our website by the data subject. On every visit to our websites, these personal data, including the internet protocol address of the internet connection used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass on such personal data collected with technical procedures to third parties under certain circumstances.

The data subject may prevent setting of cookies by our website as already presented above, at any time, by making the corresponding setting in the web browser used and thereby permanently object to setting of cookies. This setting of the web browser used would also prevent Google from placing a cookie on the information-technology system of the data subject. Furthermore, a cookie already set by Google Analytics may be deleted at any time via the web browser or other software programs.

The data subject is also able to object to recording of the data generated by Google Analytics referring to use of this website and processing of such data by Google and prevent this. For this, the data subject must download a browser add-on under the link https://tools.google.com/dlpage/gaoptout and install it. This browser add-on informs Google Analytics via JavaScript that no data and information concerning the visitors of websites must be transmitted to Google Analytics. Google will assess installation of the browser add-on as an objection. If the information-technology system of the data subject is deleted, formatted or re-installed at a later time, the data subject must install the browser add-on again in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person subject to his or her scope of influence, it is possible to re-install or re-activate the browser add-on.

You may prevent recording by Google Analytics by clicking the following link. An opt-out cookie is set that will prevent the future recording of your personal data when visiting this website:

Disable Google Analytics

For further information and the applicable provisions on data protection of Google, see https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/.

The Google Analytics cookie is stored for 14 months on your computer if you do not delete it before this.


VIII. Integration of Google Maps

  1. On this website, we use the offer of Google Maps. This enables us to display interactive maps directly on the website and enables comfortable use of the map function for you.

  2. By your visit to the website, Google will be informed that you have called up the corresponding sub-page of our website. The data named in Section 3 of this statement will be transmitted as well. This is done independently of whether Google provides a user account through which you are logged in or whether there is no user account. If you are logged in to Google, your data will be associated with your account directly. If you do not wish assignment to your profile at Google, you need to log out before you activate the button. Google will store your data as usage profiles and use them for the purpose of advertising, market research and/or demand-oriented design of its website. Such evaluation shall in particular take place (even for users who are not logged in) in order to display demand-oriented marketing and in order to inform other users of the social network of your activities on our website. You have a right to object to the generation of these user profiles. In order to exercise these, you must contact Google.

  3. Further information on the purpose and scope of data collection and processing by the plugin provider is available in the data protection statements of the provider. It also contains further information on your rights to that extent and setting options for protecting your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

 


IX. Integration of YouTube

We integrate videos from the “YouTube” platform provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA into our website. This technology is used by us to improve our offering and to offer you attractive content. The legal basis for this processing is defined in Art. 6 Para 1f) of GDPR.
When you watch YouTube videos, data is transmitted to YouTube, and YouTube also stores a variety of cookies on your terminal device. This information is used, for example, to record video statistics and to improve usage. YouTube has acceded to the Privacy Shield Agreement: this agreement corresponds to a guarantee in accordance with Art. 46 of GDPR.   
You can find further information in the privacy statement: 

https://www.google.com/policies/privacy/

You may object to the processing of your data by customising your personal data protection settings in the privacy centre. You can call up your settings here: 

https://adssettings.google.com/authenticated


X. Rights of the data subject

If any personal data concerning you are processed, you are a data subject within the meaning of GDPR and you have the following rights towards the controller:

1. Right of access

You may demand that the controller confirm whether any personal data concerning you are processed by us.

In case of such processing, you may demand the following information from the controller:

  1. the purposes for which the personal data are processed;
  2. the categories of personal data concerned;
  3. the recipients or categories of recipients to whom the personal data concerning you have been disclosed or will be disclosed;
  4. the planned duration of storage of the personal data concerning you or, if specific information on this cannot be provided, criteria for specification of the storage duration;
  5. the existence of the right to request from the controller rectification or erasure of personal data or a right to restriction of processing of personal data concerning the data subject or to object to such processing;
  6. the existence of the right to lodge a complaint with a supervisory authority;
  7. all available information on the origin of the data, if the personal data are not collected from the data subject;
  8. the existence of automated decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to be informed on whether the personal data concerning you are transmitted to a third country or an international organisation. In this context, you may demand provision of information about appropriate safeguards pursuant to Article 46 GDPR in connection with the transfer.

2. Right to rectification

You have a right to rectification and/or completion towards the controller, provided that the personal data processed concerning you are inaccurate or incomplete. The controller shall rectify them without undue delay.

3. Right to restrictionof processing

You may demand restriction of processing of the personal data concerning you under the following condition:

  1. if you dispute the accuracy of the personal data concerning you for a duration that enables the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
  4. if you have objected to processing in accordance with Article 21(1) GDPR and it is not yet certain if the legitimate reasons of the controller override your reasons.

Where processing of the personal data concerning you has been restricted, such personal data must - with the exception of storage - only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

If the restriction of processing was limited according to the above conditions, you will be informed by the controller before the restriction is revoked.

4. Right to erasure

a) Erasure obligation

You may demand that the controller erase the personal data concerning you without undue delay and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:

  1. The personal data concerning you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  2. You withdraw the consent on which the processing was based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR and there is no other legal basis for the processing.
  3. You object to processing in accordance with Article 21(1) GDPR and there are no overruling legitimate grounds for processing, or you object to processing in accordance with Article 21(2) GDPR.
  4. The personal data concerning you have been unlawfully processed.
  5. Erasure of the personal data concerning you is necessary for compliance with a legal obligation under Union or Member State law to which the controller is subject.
  6. The personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Information to third parties

Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing of the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

c) Derogations

The right to erasure shall not exist if processing is necessary

  1. for exercising the right of freedom of expression and information;
  2. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in point (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  5. for the establishment, exercise or defence of legal claims.

5. Right to provision of information

If you have asserted a right to rectification, erasure or restriction of processing towards the controller, the controller is obligated to inform all recipients to whom the personal data concerning you were disclosed of this rectification or erasure of data or reconstruction of processing, except if this turns out to be impossible or subject to disproportionate effort.

You are due the right to provision of information about such recipients by the controller.

6. Right to data portability

You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. In addition to this, you have the right to transmit these data to another controller without any impairment by the controller to whom the personal data were provided, as long as

  1. processing is based on consent in accordance with point (a) of Article 6(1) GDPR or point (a) of Article 9(2) GDPR or a contract in accordance with point (b) of Article 6(1) GDPR and
  2. the processing is carried out by automated means.

In exercising this right, you further have the right to demand that the personal data concerning you be transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons must not be impaired by this.

That right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object

You shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

The controller shall no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data concerning you are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, the personal data concerning you shall no longer be processed for such purposes.

You have the option to exercise the right to object in connection with use of information society services, irrespective of directive 2002/58/EC, where technical specifications are used.

8. Right to revocation of the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated decision-making in an individual case, including profiling

You have the right not to be subject to a decision based solely on automated processing - including profiling - which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision

  1. is necessary for entering into, or performance of, a contract between you and the controller;
  2. is authorised by provisions of Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests; or
  3. is done with your express consent.

However, such decisions shall not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard the rights and freedoms and your legitimate interests are in place.

Regarding the cases referred to in (1) and (3), the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.