Data Protection

Keeping your information safe.
Protecting your data is important to us.

Importance of data protection

The protection of your private data is of utmost importance for W&W brandpool GmbH. We therefore comply with all legal regulations on data protection and would like to inform you of the ways we store and use your personal data.

The protection of personal data, customer names and addresses in particular, is very important to us. The same applies to the handling of the information you entrust to us and to the data logged during internet use. With this data protection declaration, we, W&W brandpool GmbH, as service provider of the websites www.ww-brandpool.com and www.ww-brandpool.de, inform you about the type, scope and purpose of the collection and use of your personal data that is relevant when you visit the website or use other channels.

Who is responsible for processing data and how can I contact them?
You can contact the data processor at:
W&W brandpool GmbH
Gutenbergstraße 30
70176 Stuttgart, Germany
Telephone: +49 711 662 – 724808
Email: brandpool@ww-ag.com

Our data protection officer can be reached at:
Wüstenrot & Württembergische AG,
Data Protection Officer
Wüstenrotstraße 1
71638 Ludwigsburg
Telephone: 07141 16-0
Email: dsb@ww-ag.com

What data do we collect on our websites?
You can use our websites anonymously. During your visit, usage data will be stored – this can include your IP address, the website from which you found us, the websites you visit, and the date and duration of your visit. This data is evaluated solely for statistical purposes, and the evaluation is done using cookies (see the section entitled “What are cookies and what are they used for?”). We do not create personal user profiles.

Why do we process your data (purpose of processing) and on what legal basis?
We process the data resulting from each visit to our website, or the use of contact options offered, in accordance with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). There are, however, different legal bases depending on your reasons for contacting us via the website.

The specific legal basis for data processing depends on the context in which we receive your data, as well as the purpose for this. We will therefore highlight the respective uses separately, if necessary. As a rule, the legal basis for processing data will be the following:

Art. 6 I (a) GDPR serves as a legal basis for processing operations where we obtain consent for a particular processing purpose. Given consent can be revoked at any time.

If the processing of personal data is necessary to fulfil a contract of which the data subject is a party, as is the case, for example, in processing operations necessary for the supply of goods or the provision of any other service or consideration, then processing shall be based on Art. 6 I (b) GDPR. The same applies to processing operations that are necessary to carry out pre-contractual measures, for example in cases of enquiries about our products or services.

If we are subject to a legal obligation which requires the processing of personal data, such as the fulfilment of tax obligations, the processing is based on Art. 6 I (c) GDPR.

Finally, processing operations may be based on Art. 6 I (f) GDPR. Processing operations that are not covered by any of the above legal bases are based on this legal basis if processing is necessary to safeguard the legitimate interests of our company or a third party, unless the interests, fundamental rights, and fundamental freedoms of the person concerned prevail.

How long is your data kept on file?
We store the personal data obtained through your use of our website for as long as is necessary for the purposes mentioned above. Furthermore, we are subject to various legal proof and retention obligations, which are regulated, among others, by the Commercial Code, tax laws, and tax code. The storage periods are usually up to ten years thereafter. In addition, personal data may be retained for the period in which claims can be asserted against us (statutory limitation period of three or up to thirty years). Once the storage period has ended, personal data is deleted using an automated process.

In the event of storing the data in log files, this is the case after no more than seven days. An extended storage period is possible. In this case, the IP addresses of the users are deleted or distorted so that it is no longer possible to recognise the customer.

Who receives your data?
We only disclose your personal details to third parties if this is necessary for the fulfilment of our own business purposes, if you have given us your consent to do so, or if we are required to do so by law or on the basis of a legal or official order.

When we work with external service providers in the context of data processing, this usually takes place on the basis of so-called order processing, in which we remain responsible for the data processing. We check the data protection and data security measures taken by each of these service providers beforehand, to ensure the statutory contractual provisions for the protection of personal data.

Is data transferred to a third country or an international organisation?
A transfer of data to offices in third countries (states outside the European Economic Area – EEA) only takes place if this is necessary for the execution of your order (e.g. payment and securities orders), is required by law (e.g. tax reporting obligations), or if you have given us your consent.

Details will be provided to you separately, if required by law. Furthermore, should we transfer your personal data to service providers outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection and other appropriate safeguards (e.g. binding corporate privacy rules or EU-standard contractual clauses). Detailed information can be found at https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu_de.

To what extent is there automated decision-making in individual cases?
If, in individual cases, we use purely automated processing to make a decision – including profiling – we will inform you about the respective application.

What data protection rights do I have?
You have the right to information pursuant to Art. 15 GDPR, the right to make corrections pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restrict processing pursuant to Art. 18 GDPR, as well as the right to transfer data pursuant to Art. 20 GDPR. With regards to the right to information and the right to erasure, the restrictions under §§ 34 and 35 BDSG apply. In addition, you have the right to appeal to a data protection supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).

Information about your right to object, according to Art. 21 EU General Data Protection Regulation (GDPR)
1. You have the right, at any time, for reasons arising from your particular situation, to object to the processing of personal data relating to you pursuant to Article 6 Para. 1 (e) GDPR (data processing in the public interest) and Article 6 Para. 1 (f) GDPR (data processing on the basis of a balance of interests); this also applies to a profiling based on this provision within the meaning of Article 4 No. 4 GDPR, which we use for rating or advertising purposes.
If you object, we will not process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights, and freedoms, or if the processing is for the purpose of enforcing, pursuing or defending legal claims.
2. In individual cases, we process your personal data in order to send direct advertising. You have the right to object at any time (without giving reasons) to the processing of your personal data for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for direct advertising purposes, we will no longer process your personal data for these purposes.
Please direct the objection to the responsible company using the contact details given above.

Your right to revoke your consent
Given consent can be revoked at any time. This also applies to the revocation of declarations of consent that were given to us prior to the validity of the General Data Protection Regulation (GDPR), i.e. before 25th May 2018.
Please note that the revocation only takes effect for future purposes. Processing which occurred before the revocation is not affected.

Your right to appeal to the relevant data protection supervisory authority
The data protection supervisory authority responsible for W&W brandpool GmbH is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit [State Commissioner for Data Protection and Freedom of Information]
Königstrasse 10 a
70173 Stuttgart

However, you may also contact the data protection authority closest to your place of residence.

How can I contact you individually?
Our website contains information that enables you to contact our company quickly and communicate with us directly. For example, if you have any questions, you may contact us via the interaction points given on our website. We will indicate the information needed to process your request at the given interaction point. If you contact us using an interaction point, the personal data you provide will be automatically saved for the purposes of processing your enquiry and contacting you.
At the time of sending the message, the following information is also stored:

(1) The IP address of the user
(2) Date and time of registration

The legal basis for the processing of the data transferred in the course of the sending process is Art. 6 Para. 1 (f) GDPR. If the contact is aimed at the conclusion of a contract, an additional legal basis for the processing is Art. 6 Para. 1 (b) GDPR.

Contact form
For questions of any kind, you may contact us using the forms provided on the website. We will inform you about the information required to process your enquiry in the respective form. Further information may be provided voluntarily.
The other personal data processed during the sending process serves to prevent the misuse of the contact form and to ensure the security of our information technology systems.

Email
Alternatively, it is possible to contact us using the provided email address. In this case, your personal data transferred by email will be stored.
There is no disclosure of data to third parties in this context. The data will be used solely to enable communication with you.

What are cookies and what are they used for?
Cookies are text files that are stored in the cache of your internet browser (Internet Explorer or Firefox etc.) when you visit a website. Most of the cookies we use are so-called “session cookies” – they are automatically deleted after your visit. Other cookies remain stored on your device until you delete them. These cookies allow us to recognise your browser on your next visit. In this case, the advantage for you is that your computer does not have to be re-registered when repeatedly visiting an encrypted site. Cookies do not store personal data. We use them only for the statistical evaluations needed to control the success of our website. The evaluation is done anonymously, and the cookies will be deleted after 30 days.
You can determine how cookies are handled in your browser: for example, you can specify that a save will only be accepted if you agree to it in advance. If you only want to accept the cookies on our website but not the cookies of our service providers and partners, you can set this in your browser using the “block third-party cookies” setting.
For more information, please refer to the help function of the internet browser which you use to access the internet on your computer.

We understand that as an internet user you may have reservations about cookies. As a precaution, we would like to inform you of some common misconceptions:
– Cookies cannot transfer viruses
– Cookies cannot read email addresses
– Cookies cannot read disk content
– Cookies cannot transfer details of your browsing history
– Cookies cannot send any unsolicited emails
– Cookies cannot fill or erase your entire hard drive

What are analysis tools and what are they used for?
The tracking measures we use are based on Art. 6 Para. 1 S. 1 (f) GDPR. With these tracking measures, we want to ensure a needs-based design and the continuous optimisation of our website. Furthermore, we use these tracking measures to statistically record the use of our website and evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as justified within the meaning of the aforementioned provision.

Google Analytics
This website uses Google Analytics, a web analysis service from Google Inc. (“Google”). Google Analytics is operated by:

Google Ireland Limited
Gordon House
Barrow Street
Dublin 4, Ireland

Google Analytics uses so-called “cookies”; text files which are stored on your computer and allow your use of the website to be analysed. The information generated by the cookie regarding your use of this website is usually transmitted to a Google server in the USA and stored there. IP anonymisation has been activated on this website, i.e. your IP address will be shortened beforehand by Google within member states of the European Union, or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website activity and internet usage to the website operator. The IP address provided by your browser as part of Google Analytics will not be merged with other Google information. You can prevent the storage of cookies by altering the settings of your browser software; however, we ask you to note that in this case you may not be able to use all the functions of this website in full. Furthermore, you may prevent the collection by Google of the data generated by the cookie and related to your use of the website (incl. your IP address) as well as the processing of this data by Google by using the following link http://tools.google.com/dlpage/gaoptout?hl=de to download and install the available browser plugin.

How do we ensure data security?
We use the Secure Socket Layer (SSL) method in conjunction with the highest level of encryption supported by your browser. You can tell whether a single page of our website is received in an encrypted form by looking for the closed key or lock icon in the status bar of your browser.

We also have technical and organisational measures to protect your data against manipulation, loss, destruction, or unauthorised access. Our security measures are continuously improved in line with technological developments.

Links to other internet sites
We seek to provide high quality and secure links to other websites on our own websites, but sometimes we do not immediately notice when linked content changes. If you notice that links on our website refer to websites whose content violates applicable law, please inform us using the email address brandpool@ww-ag.com. We will then remove these links immediately from our website.

Correctness and changes to this privacy policy
This data protection declaration is currently valid as of 22/03/2019.
It may be necessary to change this data protection declaration as a result of the further development of our website and offers, or changes to legal or regulatory requirements. The current data protection declaration can be retrieved and printed by you at any time at https://www.ww-ag.com/de/datenschutz.html or https://www.ww-ag.com/de/datenschutz.html.