Data protection

Privacy policy

1. Introduction

The following information is intended to provide you, as the "data subject," with an overview of how we process your personal data and what your rights are under data protection laws. In general, the use of our website is possible without providing any personal data. However, if you wish to use specific services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is required and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection provisions applicable to “Carl Werthenbach Konstruktionsteile GmbH & Co. KG”. This privacy policy is intended to inform you about the scope and purpose of the personal data we collect, use, and process.

As the data controller, we have implemented numerous technical and organizational measures to ensure the most complete protection possible of the personal data processed through this website. However, internet-based data transmissions can in principle have security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us via alternative means, such as by telephone or by post.

 

2. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Carl Werthenbach Konstruktionsteile GmbH & Co. KG
Grafenheider Str. 101, 33729 Bielefeld, Germany
Telephone: +49-521-9768-0
Fax: +49-521-9768-252
E-mail: info@werthenbach.de

 

3. Data Protection Officer

You can reach our Data Protection Officer as follows:

E-mail: datenschutzbeauftragter@werthenbach.de
You can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

 

4. Definitions

This Privacy Policy is based on the terms used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our intention is for this Privacy Policy to be easy to read and understand, both for the public and for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

This Privacy Policy uses, among others, the following terms:

a. Personal data
Personal data means any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b. Data subject
Data subject is any identified or identifiable natural person whose personal data is processed by the data controller (our company).

c. Processing
Processing means any operation or set of operations performed on personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.

e. Profiling
Profiling means any form of automated processing of personal data consisting of the use of such data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f. Pseudonymization
Pseudonymization means the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g. Processor
Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

h. Recipient
Recipient means a natural or legal person, public authority, agency, or another body to whom the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

i. Third party
Third party means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

j. Consent
Consent means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

 

5. Transfer of Data to Third Parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We only disclose your personal data to third parties if:

  1. You have given your explicit consent pursuant to Art. 6(1)(a) GDPR;
  2. The disclosure is permissible under Art. 6(1)(f) GDPR for the purposes of legitimate interests and there is no reason to believe that you have an overriding interest worthy of protection in not disclosing your data;
  3. There is a legal obligation for disclosure under Art. 6(1)(c) GDPR; or
  4. It is legally permissible and necessary for the performance of a contract with you pursuant to Art. 6(1)(b) GDPR.

To protect your data and to enable potential data transfers to third countries (outside the EU/EEA), we have concluded data processing agreements based on the European Commission’s Standard Contractual Clauses.

To receive a copy of the applicable terms, please contact us using the contact details provided in Sections 2 and 3.

If the Standard Contractual Clauses are not sufficient to ensure an adequate level of data protection, your consent pursuant to Art. 49(1)(a) GDPR may serve as the legal basis for data transfers to third countries. This does not apply to transfers to third countries for which the European Commission has issued an adequacy decision in accordance with Art. 45 GDPR.

 

6. Legal Basis for Processing

Article 6(1)(a) GDPR (in conjunction with Section 25(1) of the German Telecommunications-Digital Services Data Protection Act TDDDG, formerly TTDSG) serves as the legal basis for processing operations for which we obtain consent for a specific purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party – for example, when processing operations are required for the delivery of goods or the provision of a service or return service – the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations required for pre-contractual measures, such as inquiries about our products or services.

If our company is subject to a legal obligation that requires the processing of personal data – such as for the fulfillment of tax obligations – the processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This could be the case, for example, if a visitor were to be injured on our premises and as a result, their name, age, health insurance details, or other vital information had to be disclosed to a doctor, hospital, or other third party. In that case, the processing would be based on Article 6(1)(d) GDPR.

Processing operations may ultimately be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations that are not covered by any of the legal grounds, if the processing is necessary for the purposes of legitimate interests pursued by our company or a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. In this regard, it was considered that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2 GDPR).

Our services are generally intended for adults. People under the age of 16 may not transmit personal data to us without the consent of their parents or legal guardians. We do not request, collect, or share personal data from or about children and adolescents.

 

7. Technology

7.1 SSL/TLS encryption
To ensure the security of data processing and to protect the transmission of confidential content—such as orders, login information, or contact inquiries you send to us as the website operator—this website uses SSL or TLS encryption. You can recognize an encrypted connection by the change in the browser address line from "http://" to "https://" and by the lock symbol displayed in your browser bar.
When SSL or TLS encryption is active, the data you transmit to us cannot be read by third parties.

7.2 Data Collection When Visiting the Website

When you visit our website for informational purposes only, i.e., without registering or otherwise transmitting information to us, we collect only the data that your browser transmits to our server (known as "server log files"). Each time you access a page on our website, either manually or via an automated system, a series of general data and information is collected and stored in the server’s log files. This may include:

  1. the types and versions of browsers used,
  2. the operating system used by the accessing system,
  3. the website from which the accessing system reaches our website (so-called referrer),
  4. the subpages accessed on our website by the accessing system,
  5. the date and time of access to the website,
  6. a shortened (anonymized) Internet Protocol address,
  7. the Internet service provider of the accessing system.

We do not draw any conclusions about your identity from this general data and information. Instead, this information is required to:

  1. correctly deliver the content of our website,
  2. optimize the content and advertising of our website,
  3. ensure the long-term functionality of our IT systems and the technology of our website, and
  4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack.

These anonymously collected data and information are therefore evaluated statistically and with the aim of enhancing data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous data from the server log files are stored separately from any personal data provided by a data subject.

The legal basis for this data processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the purposes for data collection listed above.

7.3 Hosting by Mittwald

Our website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp, Germany (hereinafter referred to as “Mittwald”).

When you visit our website, your personal data (e.g., IP addresses in log files) is processed on Mittwald's servers.

The use of Mittwald is based on Article 6(1)(f) GDPR. We have a legitimate interest in the most reliable possible presentation, provision, and protection of our website.

We have entered into a data processing agreement (DPA) with Mittwald pursuant to Article 28 GDPR. This is a contract required under the law of data protection, which ensures that Mittwald processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

For more information on Mittwald’s data protection policies, please refer to: https://www.mittwald.de/datenschutz

 

8. Contents of Our Website

8.1 User Registration

You have the option to register on our website by providing personal data.

The specific personal data transmitted to us is determined by the respective input form used for registration. The personal data you enter is collected and stored exclusively for internal use and for our own purposes. We may arrange for this data to be shared with one or more processors (e.g., parcel delivery services), who will also use the data exclusively for internal purposes attributable to us.

When you register on our website, the IP address assigned by your Internet service provider (ISP), along with the date and time of registration, will also be stored. This storage is necessary to prevent misuse of our services and, if needed, to investigate criminal offenses. The storage of this data is thus necessary for our protection. This data will not be shared with third parties unless there is a legal obligation to do so, or it is required for criminal prosecution.

Registering by voluntarily providing personal data also allows us to offer you content or services that, by their nature, can only be offered to registered users. Registered people are free to change or delete the personal data they provided during registration at any time. Upon request, we will inform you at any time which personal data we have stored about you. We will also correct or delete such data upon your request, provided there are no legal retention obligations to the contrary. Our designated Data Protection Officer and other staff members are available as points of contact in this regard.

The processing of your data serves the purpose of providing a convenient and user-friendly experience on our website. This constitutes a legitimate interest pursuant to Art. 6(1)(f) GDPR.

8.2 Data Processing When Creating a Customer Account and for Contract Fulfillment
We store and use the data you provide for contract fulfillment in accordance with Art. 6(1)(b) GDPR. Upon full completion of the contract, your data will be blocked into consideration of tax and commercial law retention periods and deleted after these periods expire, unless you have expressly consented to further use of your data or we are legally permitted to use your data for other purposes, of which we will inform you accordingly.

To open a customer account, you are required to provide your name, address, and gender. Additional mandatory fields may be indicated in the respective input form.

The legal basis for this processing is Art. 6(1)(a) GDPR.

You may delete your customer account at any time by contacting the controller at the address provided above. After deletion, your data will be blocked in accordance with tax and commercial law retention periods and deleted once those periods expire, unless further use has been expressly consented to or is permitted by law.

8.3 Data Processing for Order Fulfillment
Personal data collected by us will be shared with the shipping company entrusted with delivery as necessary to deliver goods. Your payment data will be shared with the financial institution handling the payment transaction, if required. Where payment service providers are used, we will inform you explicitly below. The legal basis for sharing this data is Art. 6(1)(b) GDPR.

8.4 Contracts via Online Shop, Retailers, and Shipping
We only transfer personal data to third parties where necessary for the fulfillment of the contract—for example, to the company responsible for delivery or to the financial institution handling payment processing. No further data will be transferred unless you have given explicit consent. Your data will not be passed on to third parties for advertising purposes without your express consent.

The legal basis for data processing is Art. 6(1)(b) GDPR, which permits data processing for the performance of a contract or pre-contractual measures.

8.5 Contact Form / Inquiries
When contacting us (e.g., via contact form or email), personal data is collected. The data collected via a contact form is evident from the form itself. This data is stored and used exclusively for the purpose of responding to your inquiry and for the associated technical administration. The legal basis for processing this data is our legitimate interest in responding to your inquiry in accordance with Art. 6(1)(f) GDPR. If your inquiry is intended to lead to the conclusion of a contract, the additional legal basis is Art. 6(1)(b) GDPR.

Your data will be deleted once your inquiry has been fully resolved and provided there are no statutory retention obligations.

8.6 Application Management / Job Portal

General Information:
If you apply for a position at our company, we collect and process your personal data for the purpose of managing the application process. Processing may also occur electronically, particularly if you submit your application documents via email.
If an employment or service contract is concluded with you, the data transmitted will be stored for the purpose of managing the employment relationship, in compliance with legal regulations.
If no contract is concluded, the application documents will be automatically deleted six months after the rejection decision is communicated, unless other legitimate interests on our part prevent deletion. A legitimate interest in this context may, for example, be the obligation to provide evidence in proceedings under the German General Equal Treatment Act (AGG).

The legal basis for processing your data is Art. 6(1)(b) GDPR, Art. 88 GDPR in conjunction with § 26(1) of the German Federal Data Protection Act (BDSG).

Information on the Use of P&I HR Software:
In our Human Resources (HR) department, we use the HR software “P&I” provided by Personal & Informatik AG (P&I), Kreuzberger Ring 56, 65205 Wiesbaden, Germany.

The service is integrated into our career subpages via an iFrame. When you visit one of these subpages, a connection is established to pi-asp.de. As a result, the following data is processed by P&I upon access:

  • Name of the specific webpage accessed,
  • Date and time of access,
  • Browser information,
  • Operating system used,
  • Screen resolution and color depth of the device used,
  • IP address.

If you apply for a position with us, the data you submit will be processed by the service as part of the application process and other HR-related activities.

The use of P&I is based on Art. 6(1)(f) GDPR. We have a legitimate interest in providing reliable application functionalities and efficient HR data processing.

We have entered into a data processing agreement (DPA) with P&I pursuant to Art. 28 GDPR. This is a legally required agreement that ensures P&I processes the personal data of our website visitors only according to our instructions and in compliance with the GDPR.

For more information about P&I's data protection practices, please visit: https://www.pi-ag.com/datenschutz.

 

9. Marketing Communications via E-mail

9.1 Marketing Communication to Existing Customers
If you have provided us with your email address in connection with the purchase of goods or services, we reserve the right to send you regular offers for similar goods or services from our range by email. In accordance with § 7(3) of the German Unfair Competition Act (UWG), we are not required to obtain separate consent from you for this purpose. The data processing is carried out solely based on our legitimate interest in personalized direct advertising pursuant to Art. 6(1)(f) GDPR.

If you initially objected to the use of your email address for this purpose, you would not receive any marketing emails from us. You have the right to object to the use of your email address for marketing purposes at any time with future effect by contacting the data controller mentioned at the beginning of this privacy policy. You will only incur transmission costs according to the basic rates. Upon receipt of your objection, the use of your email address for advertising purposes will be stopped immediately.

9.2 Marketing Communication to Subscribers
Our website offers you the option to subscribe to our company’s marketing communication. The personal data transmitted to us when subscribing is specified in the respective input form.

We inform our customers and business partners regularly by way of email marketing about our offers. You can only receive marketing communications from our company if:

  1. you have a valid email address, and
  2. you have subscribed to receive marketing communications.

For legal reasons, a confirmation email will be sent to the email address provided when signing up, using the double opt-in procedure. This confirmation email is used to verify whether the owner of the email address has authorized the subscription.

When registering for the marketing communication, we also store the IP address assigned by your Internet Service Provider (ISP) and the date and time of registration. This data is stored to trace any potential misuse of your email address later and therefore serves as legal protection for us.

The personal data collected during registration is used exclusively for sending our marketing communication. Subscribers may also be informed by email if necessary for the operation of the service or related registration, for example, in the case of changes to the offering or technical adjustments. The personal data collected will not be disclosed to third parties. You may cancel your subscription at any time. You may also revoke your consent to the storage of personal data provided during registration at any time. A corresponding link for revocation is included in every marketing email. You also have the option to unsubscribe directly to our website or to inform us via other means.

The legal basis for the processing of data for the purpose of sending marketing communications is Art. 6(1)(a) GDPR.

Your personal data provided when subscribing will be deleted once you unsubscribe from our marketing communication.

 

10. Our Activities in Social Networks

To enable us to communicate with you and inform you about our services via social networks, we maintain publicly accessible profiles on various platforms.

We are not the original provider (controller) of these platforms, but we merely use them within the scope of the options provided by the respective providers. Please note that your data may be processed outside the European Union (EU) or the European Economic Area (EEA). This may entail data protection risks for you, as it could make it more difficult to exercise your rights e.g., access, deletion, objection, and because data processing on social media platforms is often carried out for advertising purposes or to analyze user behavior—frequently without our ability to influence this. If usage profiles are created by the platform providers, cookies are often used, or usage behavior is linked directly to your personal social network profile (if you are logged in).

These processing operations are carried out in accordance with Art. 6(1)(f) GDPR based on our legitimate interest and the legitimate interests of the respective providers in communicating with users in a contemporary and effective manner and in promoting our services. Where platform providers require user consent for data processing, the legal basis is Art. 6(1)(a) GDPR in conjunction with Art. 7 GDPR.

As we have no access to the data stored by the platform providers, we recommend that you exercise your data subject rights e.g., access, correction, and deletion directly with the respective provider. Below, we provide details on how your data is processed by the social networks we use and how to exercise your right to object or withdraw consent (opt-out):

10.1 Facebook
Joint controller for data processing in Europe:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Meta may process personal content of adult European users to train its own AI models. We have objected to this processing in relation to our presence on the platform.
Privacy Policy: https://www.facebook.com/about/privacy

10.2 Instagram
Joint controller for data processing in Germany:
Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Meta may process personal content of adult European users to train its own AI models. We have objected to this processing in relation to our presence on the platform.
Privacy Policy: https://instagram.com/legal/privacy/

10.3 YouTube
Joint controller for data processing in Europe:
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy Policy: https://policies.google.com/privacy
Ad settings: https://adssettings.google.com/authenticated

10.4 LinkedIn
Joint controller for data processing in Europe:
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

10.5 XING
Controller for data processing in Germany:
XING AG, Dammtorstraße 29–32, 20354 Hamburg, Germany
Privacy Policy: https://privacy.xing.com/en/privacy-policy
Information access requests for XING members: https://www.xing.com/settings/privacy/data/disclosure

 

11. Cookies

We use cookies on our website. These are small text files that are automatically created by your browser and stored on your device (e.g., laptop, tablet, smartphone) when you visit our site. Cookies do not cause any damage to your device, and they do not contain viruses, trojans, or other harmful software.

Cookies store information that arises in connection with the specific device used. However, this does not mean that we obtain direct knowledge of your identity.

The use of cookies serves primarily to make your interaction with our services more convenient. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site. In addition, we also use temporary cookies to enhance user experience. These are stored on your device for a predefined period. If you return to our site to use our services, it will automatically recognize that you have visited us before and recall the inputs and settings you made, so you do not have to re-enter them.

The data processed by these technically necessary cookies is required for the purposes of safeguarding our legitimate interests as well as those of third parties in accordance with Art. 6(1)(f) GDPR—namely, to ensure the optimal presentation of our website and enable all its intended functionalities.

Processing your data through our consent cookie is necessary to fulfill our obligation to document your consent in accordance with Art. 7(1) GDPR. This processing is based on Art. 6(1)(c) GDPR.

For all other cookies that are not strictly necessary from a technical standpoint, you have given your consent via our opt-in cookie banner in accordance with Art. 6(1)(a) GDPR.

You can configure your browser settings so that no cookies are stored on your computer or so that a warning appears before a new cookie is created. However, please note that disabling cookies entirely may result in limited functionality of our website.

 

12. Plugins and Other Services

12.1 Google Maps
We use Google Maps (API) on our website. The service is operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google corporate group headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Maps is a web service used to display interactive maps to visually represent geographical information. Using this service can, for example, help you locate our business location and simplify directions.

When you access any of the subpages that contain the Google Maps map, information about your use of our website (e.g., your IP address) is transmitted to Google servers in the USA and stored there—provided you have given your consent pursuant to Art. 6(1)(a) GDPR. Google Maps may also load Google Web Fonts, Google Photos, and Google Stats. These services are also provided by Google Ireland Limited. When a page that includes Google Maps is accessed, your browser automatically loads the required web fonts and photos into your browser cache. To do this, the browser establishes a connection to Google’s servers, thereby allowing Google to know that our website was accessed via your IP address. This occurs regardless of whether you are logged into a Google account. If you are logged into Google, your data is directly associated with your account. If you do not want your data to be associated with your Google profile, you must log out before accessing our site.

Google stores user data (even for non-logged-in users) as user profiles and evaluates them for advertising and analytics purposes. You have the right to object to the creation of these user profiles, which must be exercised directly with Google.

If you do not agree to the future transmission of your data to Google in connection with the use of Google Maps, you can also completely deactivate the Google Maps web service by disabling JavaScript in your browser. As a result, Google Maps and the map display on this website will no longer function.

These processing operations are carried out solely with your explicit consent in accordance with Art. 6(1)(a) GDPR.

Google's Terms of Use can be found at: https://www.google.de/intl/en/policies/terms/regional.html,
Additional Terms of Use for Google Maps: https://www.google.com/intl/en/help/terms_maps.html

The parent company, Google LLC, is certified under the EU-U.S. Data Privacy Framework. This constitutes an adequacy decision under Art. 45 GDPR, which allows for the transfer of personal data without additional safeguards or measures.

You can view the Google Maps privacy policy at: https://www.google.de/intl/de/policies/privacy/.

12.2 YouTube (Videos)
We have integrated components from YouTube on this website. YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA, a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

YouTube is an online video portal that allows video publishers to upload videos free of charge and enables other users to view, rate, and comment on them, also free of charge. The platform supports all types of video content, including complete films and TV shows, music videos, trailers, and user-generated content.

Each time you visit a page on our site containing a YouTube video, your browser automatically downloads the associated component from YouTube. YouTube may also load additional services such as Google Web Fonts (fonts.gstatic.com), Google Video, DoubleClick (doubleclick.net), Google Photos, and YouTube images (ytimg.com). Further information about YouTube can be found at https://www.youtube.com/yt/about/.

During this process, YouTube and Google gain knowledge of which specific subpage of our website you are visiting. If you are logged in to YouTube at the same time, this information is associated with your YouTube account. This occurs regardless of whether you click on a video or not. To prevent this data transfer to YouTube and Google, you must log out of your YouTube account before visiting our website if you do not wish for such associations to be made.

These processing operations are carried out solely with your explicit consent in accordance with Art. 6(1)(a) GDPR.

The parent company, Google LLC, is certified under the EU-U.S. Data Privacy Framework. This constitutes an adequacy decision under Art. 45 GDPR, which permits the transfer of personal data without further guarantees or additional measures.

You can view YouTube’s privacy policy at: https://www.google.de/intl/en/policies/privacy/

 

13. Web Analytics

13.1 Matomo

We use components of the open-source software Matomo on this website. Matomo is a web analytics tool used to collect, compile, and evaluate data on the behavior of website visitors.

Among other things, it records data about which subpages are accessed, how often, and for how long individual pages are viewed. This information helps us optimize the website and conduct cost-benefit analyses of online marketing activities.

The software is operated on our own server, and the privacy-sensitive log files are stored exclusively on that server.

We do not use cookies with Matomo, and your IP address is processed only in anonymized form. Matomo's “browser feature detection,” which could read out information about browser plug-ins installed on your device, is disabled.

For more information on Matomo’s privacy-friendly configuration: https://matomo.org/gdpr-analytics/

These processing operations are based on our legitimate interest in analyzing website visitor numbers to measure and improve the efficiency of our online presence, pursuant to Art. 6(1)(f) GDPR.

You can view Matomo’s privacy policy at: https://matomo.org/privacy/

 

14. Your Rights as a Data Subject

14.1 Right to Confirmation
You have the right to obtain confirmation from us as to whether personal data concerning you is being processed.

14.2 Right of Access Art. 15 GDPR
You have the right to obtain, at any time and free of charge, access to the personal data stored about you and to receive a copy of this information.

14.3 Right to Rectification Art. 16 GDPR
You have the right to request the correction of inaccurate personal data concerning you. Considering the purposes of the processing, you also have the right to request the completion of incomplete personal data.

14.4 Right to Erasure Art. 17 GDPR
You have the right to request the immediate erasure of personal data concerning you, provided that one of the legally specified reasons applies and the processing is not necessary.

14.5 Right to Restriction of Processing Art. 18 GDPR
You have the right to request the restriction of processing where one of the legal conditions is met.

14.6 Right to Data Portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, in exercising your right to data portability pursuant to Art. 20(1) GDPR, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible and provided this does not adversely affect the rights and freedoms of others.

14.7 Right to Object Art. 21 GDPR
You have the right to object, on grounds relating to your situation, at any time to the processing of personal data concerning you which is based on Art. 6(1)(e) (processing in the public interest) or (f) (processing based on legitimate interests) GDPR.
 

This also applies to profiling based on these provisions within the meaning of Art. 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or if the processing serves to establish, exercise, or defend legal claims.

In some cases, we may process personal data for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

In addition, you have the right to object, on grounds relating to your situation, to the processing of personal data concerning you for scientific or historical research purposes or for statistical purposes pursuant to Art. 89(1) GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest. You are also free to exercise your right to object in connection with the use of information society services—regardless of Directive 2002/58/EC by means of automated procedures using technical specifications.

14.8 Right to Withdraw Consent
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.

14.9 Right to Lodge a Complaint with a Supervisory Authority
You have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data.

 

15. Routine Erasure, Blocking, and Retention of Personal Data

We process and store your personal data only for the period of time required to achieve the purpose of storage or if this is provided for by legal regulations to which our company is subject.

If the storage purpose no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

 

16. Validity and Amendments to this Privacy Policy

This privacy policy is currently valid and was last updated in December 2024.

Due to the further development of our website and services, or due to changes in legal or regulatory requirements, it may become necessary to amend this privacy policy. The most recent version of the privacy policy can be accessed and printed at any time from our website at: https://www.werthenbach.de/en/data-privacy

 

17. Additional Privacy Information

For customers & suppliers of industrial technology
More information

 

18. Privacy Information on Warranty, Guarantee, or Goodwill Claims

More information

 

 

Contact us

If you have any questions about our privacy policy, please send us an e-mail to the following address:

datenschutzbeauftragter@werthenbach.de

or write to us at:

Carl Werthenbach
Konstruktionsteile GmbH & Co KG
Data Protection Officer
Grafenheider Str. 101
33729 Bielefeld, Germany

Our external Data Protection Officer will be happy to answer your questions.