Data Protection

Keeping your information safe.
Protecting your data is important to us.

Importance of data protection

The protection of your private data is of utmost importance for W&W brandpool GmbH. We therefore comply with all legal regulations on data protection and would like to inform you of the ways we store and use your personal data.

The protection of personal data, customer names and addresses in particular, is very important to us. The same applies to the handling of the information you entrust to us and to the data logged during internet use. With this data protection declaration, we, W&W brandpool GmbH, as service provider of the websites and, inform you about the type, scope and purpose of the collection and use of your personal data that is relevant when you visit the website or use other channels.

Who is responsible for processing data and how can I contact them?
You can contact the data processor at:
W&W brandpool GmbH
Gutenbergstraße 30
70176 Stuttgart, Germany
Telephone: +49 711 662 – 724808

Our data protection officer can be reached at:
Wüstenrot & Württembergische AG,
Data Protection Officer
Wüstenrotstraße 1
71638 Ludwigsburg
Telephone: 07141 16-0

What data do we collect on our websites?
You can use our websites anonymously. During your visit, usage data will be stored – this can include your IP address, the website from which you found us, the websites you visit, and the date and duration of your visit. This data is evaluated solely for statistical purposes, and the evaluation is done using cookies (see the section entitled “What are cookies and what are they used for?”). We do not create personal user profiles.

Why do we process your data (purpose of processing) and on what legal basis?
We process the data resulting from each visit to our website, or the use of contact options offered, in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). There are, however, different legal bases depending on your reasons for contacting us via the website.

The specific legal basis for data processing depends on the context in which we receive your data, as well as the purpose for this. We will therefore highlight the respective uses separately, if necessary. As a rule, the legal basis for processing data will be the following:

Art. 6 I (a) GDPR serves as a legal basis for processing operations where we obtain consent for a particular processing purpose. Given consent can be revoked at any time.

If the processing of personal data is necessary to fulfil a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, then processing shall be based on Art. 6 I (b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services.

If we are subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Art. 6 I (c) GDPR.

Finally, processing operations may be based on Art. 6 I (f) GDPR. Processing operations that are not covered by any of the above legal bases are based on this legal basis if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights, and fundamental freedoms of the person concerned prevail.

How long is your data kept on file?
We store the personal data obtained through your use of our website for as long as is necessary for the purposes mentioned above. Furthermore, we are subject to various legal proof and retention obligations, which are regulated, among others, by the Commercial Code, tax laws, and tax code. The storage periods are usually up to ten years thereafter. In addition, personal data may be retained for the period in which claims can be asserted against us (statutory limitation period of three or up to thirty years). Once the storage period has ended, personal data is deleted using an automated process.

In the event of storing the data in log files, this is the case after no more than seven days. An extended storage period is possible. In this case, the IP addresses of the users are deleted or distorted so that it is no longer possible to recognise the customer.

Who receives your data?
We only disclose your personal details to third parties if this is necessary for the fulfilment of our own business purposes, if you have given us your consent to do so, or if we are required to do so by law or on the basis of a legal or official order.

When we work with external service providers in the context of data processing, this usually takes place on the basis of so-called order processing, in which we remain responsible for the data processing. We check the data protection and data security measures taken by each of these service providers beforehand, to ensure the statutory contractual provisions for the protection of personal data.

Is data transferred to a third country or an international organisation?
A transfer of data to offices in third countries (states outside the European Economic Area – EEA) only takes place if this is necessary for the execution of your order (e.g. payment and securities orders), is required by law (e.g. tax reporting obligations), or if you have given us your consent.

Details will be provided to you separately, if required by law. Furthermore, should we transfer your personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection and other appropriate safeguards (e.g. binding corporate privacy rules or EU-standard contractual clauses). Detailed information can be found at

To what extent is there automated decision-making in individual cases?
If, in individual cases, we use purely automated processing to make a decision – including profiling – we will inform you about the respective application.

What data protection rights do I have?
You have the right to information pursuant to Art. 15 GDPR, the right to make corrections pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restrict processing pursuant to Art. 18 GDPR, as well as the right to transfer data pursuant to Art. 20 GDPR. With regards to the right to information and the right to erasure, the restrictions under §§ 34 and 35 BDSG apply. In addition, you have the right to appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

Information about your right to object, according to Art. 21 EU General Data Protection Regulation (GDPR)
1. You have the right, at any time, for reasons arising from your particular situation, to object to the processing of personal data relating to you pursuant to Article 6 Para. 1 (e) GDPR (data processing in the public interest) and Article 6 Para. 1 (f) GDPR (data processing on the basis of a balance of interests); this also applies to a profiling based on this provision within the meaning of Article 4 No. 4 GDPR, which we use for rating or advertising purposes.
If you object, we will not process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or if the processing is for the purpose of enforcing, pursuing or defending legal claims.
2. In individual cases, we process your personal data in order to send direct advertising. You have the right to object at any time (without giving reasons) to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.
Please direct the objection to the responsible company using the contact details given above.

Your right to revoke your consent
Given consent can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us prior to the validity of the General Data Protection Regulation (GDPR), i.e. before 25th May 2018.
Please note that the revocation only takes effect for future purposes. Processing which occurred before the revocation is not affected.

Your right to appeal to the relevant data protection supervisory authority
The data protection supervisory authority responsible for W&W brandpool GmbH is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit [State Commissioner for Data Protection and Freedom of Information]
Königstrasse 10 a
70173 Stuttgart

However, you may also contact the data protection authority closest to your place of residence.

How can I contact you individually?
Our website contains information that enables you to contact our company quickly and communicate with us directly. For example, if you have any questions, you may contact us via the interaction points given on our website. We will indicate the information needed to process your request at the given interaction point. If you contact us using an interaction point, the personal data you provide will be automatically saved for the purposes of processing your enquiry and contacting you.
At the time of sending the message, the following information is also stored:

(1) The IP address of the user
(2) Date and time of registration

The legal basis for the processing of the data transferred in the course of the sending process is Art. 6 Para. 1 (f) GDPR. If the contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 Para. 1 (b) GDPR.

Contact form
For questions of any kind, you may contact us using the forms provided on the website. We will inform you about the information required to process your enquiry in the respective form. Further information may be provided voluntarily.
The other personal data processed during the sending process serves to prevent the misuse of the contact form and to ensure the security of our information technology systems.

Alternatively, it is possible to contact us using the provided email address. In this case, your personal data transferred by email will be stored.
There is no disclosure of data to third parties in this context. The data will be used solely to enable communication with you.

What are cookies and what are they used for?
Cookies are text files that are stored in the cache of your internet browser (e.g. Google Chrome, Mozilla Firefox, Microsoft Edge, Microsoft Internet Explorer, Apple Safari) when you visit a website.

On our website we do not use any targeting or analytics cookies. In order to ensure the functionality of our website we use exclusively technically required (essential) cookies or preference cookies. These cookies make our website user-friendly by allowing basic functions, such as language settings, page navigation and access to safe sections of the website. Without these cookies the website cannot function properly. This constitutes a legitimate interest within the meaning of Art. 6, No. 1, lit. f GDPR.

We use the following essential cookies:

Name Purpose Life time
icl_current_language Determination of browser language 24h


For more information, please refer to the help function of the internet browser which you use to access the internet on your computer.

We understand that as an internet user you may have reservations about cookies. As a precaution, we would like to inform you of some common misconceptions:
– Cookies cannot transfer viruses
– Cookies cannot read email addresses
– Cookies cannot read disk content
– Cookies cannot transfer details of your browsing history
– Cookies cannot send any unsolicited emails
– Cookies cannot fill or erase your entire hard drive

What technolgies are being used?
The following technologies are required and necessary in order to activate and enable the functionality of the website. Required and necessary cookies cannot be disabled by the functions of this website. You can disable cookies in your browser at anytime. However, we would like to inform you that, if cookings are being disabled, our website will not work correctly or at all.

This is a service that checks whether data entered on a site is entered by a human or by an automated program. Data are processed by Google ​Ireland​ Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

The following list represents the purposes of the data collection and processing. The collected data can’t be used or stored for any other purpose than the purposes listed below.
– Tracking
– Bot Protection

Technologies Used:
– Cookies

The following list represents all (personal) data that is collected by or through the use of this service:
– IP address
– Click path
– Time spent on page
– Website visitor behaviour
– Browser language
– User input
– Javascript objects
– Browser plug-ins
– Date and time of visit

Legal basis for the processing of personal data is Art. 6 para. 1 s. 1 lit. f GDPR. Location of Processing: European Union. The retention period is the time span the collected data is saved for the processing purposes. The data needs to be deleted as soon as it is no longer needed for the stated processing purposes. Data will be deleted as soon as they are no longer needed for the processing purposes.

Data Recipients:
– Alphabet Inc.
– Google LLC
– Google Ireland Limited

Below you can find the email address of the data protection officer of the processing company:

Click here to read the privacy policy of the data processor:

Click here to opt out from this processor across all domains:

How do we ensure data security?
We use the Secure Socket Layer (SSL) method in conjunction with the highest level of encryption supported by your browser. You can tell whether a single page of our website is received in an encrypted form by looking for the closed key or lock icon in the status bar of your browser.

We also have technical and organisational measures to protect your data against manipulation, loss, destruction, or unauthorised access. Our security measures are continuously improved in line with technological developments.

Links to other internet sites
We seek to provide high quality and secure links to other websites on our own websites, but sometimes we do not immediately notice when linked content changes. If you notice that links on our website refer to websites whose content violates applicable law, please inform us using the email address We will then remove these links immediately from our website.

Correctness and changes to this privacy policy
This data protection declaration is currently valid as of 29/10/2020.
It may be necessary to change this data protection declaration as a result of the further development of our website and offers, or changes to legal or regulatory requirements. The current data protection declaration can be retrieved and printed by you at any time at or