Privacy police

Responsible in terms of the data protection laws, in particular the EU data protection basic regulation (GDPR), is

WM-Beteiligungs- und Verwaltungs-GmbH & Co. KG

Hans-Georg-Weiss-Straße 7
52156 Monschau

Your rights as a data subject

You can exercise the following rights at any time by contacting our data protection officer:

  • Information about your data stored with us and its processing (Art. 15 GDPR),
  • correcting incorrect personal data (Art. 16 GDPR),
  • deletion of your data stored with us (Art. 17 GDPR),
  • restriction of data processing, provided that we are not yet allowed to delete your data due to legal obligations (Art. 18 GDPR),
  • objection to the processing of your data by us (Art. 21 GDPR) and
  • data transferability, if you have consented to data processing or have concluded a contract with us (Art. 20 GDPR).

If you have given us your consent, you can revoke it at any time with effect for the future.

You may at any time submit a complaint to a supervisory authority, e.g. to the competent supervisory authority of the federal state of your residence or to the authority responsible for us as the responsible body.

A list of the supervisory authorities (for the non-public sector) with their addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

 

Automated individual decision-making, including profiling

Every person concerned by the processing of personal data has the right, as granted by the European Directive and Regulation legislator, not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way, provided that the decision (1) is not necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) is authorised by Union or Member State legislation to which the controller is subject and that such legislation provides for adequate safeguards of the rights and freedoms and legitimate interests of the data subject, or (3) is taken with the explicit consent of the data subject.

If the decision (1) is necessary for the conclusion or performance of a contract between the data subject and the responsible person, or (2) is made with the explicit consent of the data subject, WM-Beteiligungs- und Verwaltungs-GmbH & Co. KG shall take reasonable measures to protect the rights and freedoms as well as the legitimate interests of the person concerned, which shall include at least the right to obtain the intervention of a person from the responsible party, to express his or her own point of view and to challenge the decision.

If the data subject wishes to assert rights with regard to automated decisions, he or she can contact datenschutz(at)weiss-druck(dot)de at any time.


Existence of automated decision making

As a responsible company, we do not use automatic decision making or profiling
 

Collection of general information when visiting our website

The nature and purpose of the processing:

When you access our website, i.e. If you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and similar.

They are processed in particular for the following purposes:

  • Ensuring that the website can be connected without problems,
  • Ensuring a trouble-free use of our website,
  • evaluation of system safety and stability as well as
  • for other administrative purposes.

We do not use your data to draw conclusions about your person. Information of this kind is statistically evaluated by us, if necessary, in order to optimise our Internet presence and the technology behind it.

Legal basis:

Processing is carried out in accordance with Art. 6 Para. 1 lit. f GDPR on the basis of our justified interest in improving the stability and functionality of our website.

Recipient:

Recipients of the data may be technical service providers who act as contract processors for the operation and maintenance of our website.

Duration of storage:

The data will be deleted as soon as it is no longer required for the purpose of collection. This is generally the case for the data which serves to make the website available, when the respective session has ended.

Provision prescribed or necessary:

The provision of the above-mentioned personal data is not required by law or contract. Without the IP address, however, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted. For this reason an objection is excluded.

Cookies

The nature and purpose of the processing:

Like many other websites, we also use so-called "cookies". Cookies are small text files that are stored on your end device (laptop, tablet, smartphone or similar) when you visit our website.

This enables us to obtain certain data such as the IP address, browser used and operating system.

Cookies cannot be used to start programs or transfer viruses to a computer. We can use the information contained in cookies to make navigation easier for you and to enable our web pages to be displayed correctly.

Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

Of course, you can always view our website without cookies. Internet browsers are regularly set to accept cookies. In general, you can deactivate the use of cookies at any time via the settings of your browser. Please use the help functions of your Internet browser to find out how to change these settings. Please note that individual functions of our website may not work if you have deactivated the use of cookies.

Storage duration and cookies used:

If you allow us to use cookies through your browser settings or consent, the following cookies may be used on our websites:

Operationally relevant cookies

Storage of your choice regarding the storage of cookies (Cookie Consent)

Insofar as these cookies can (also) affect personal data, we inform you about this in the following sections.

You can delete individual cookies or the entire cookie inventory via your browser settings. You will also receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you will find the necessary information under the following links:

CONTACT FORM

The nature and purpose of the processing:

The data you enter will be stored for the purpose of individual communication with you. For this purpose, it is necessary to enter a valid e-mail address and your name. This serves to assign the enquiry and to answer it afterwards. The specification of further data is optional.

Legal basis:

The processing of the data entered into the contact form occurs exclusively occurs exclusively on the basis of a legitimate interest (Art. 6 (1) lit. f GDPR).

By providing the contact form, we would like to make it easy for you to contact us. The information you provide will be stored for the purpose of processing your enquiry and for possible follow-up questions.

If you contact us to request an offer, the data entered in the contact form will be processed for the purpose of implementing pre-contractual measures (Art. 6 para. 1 lit. b GDPR).

Recipient:

Recipients of the data may be contract processors.

Duration of storage:

Data will be deleted at the latest 6 months after processing the request.

If there is a contractual relationship, we are subject to the legal retention periods according to the HGB (German commercial code) and delete your data after these periods have expired.

Provision prescribed or necessary:

The provision of your personal data is voluntary. However, we can only process your inquiry if you provide us with your name, your e-mail address and the reason for the enquiry.

Contact form for the whistleblower system

A contact form is integrated on our website, which you can use to report information on incidents and grievances within the framework of the whistleblower system. When you use the contact form, the data from the input mask is transmitted to us and stored, and your IP address, date and time of entry are also stored.

The following data is also processed: Details of the accused person (e.g. surname, first name, title, contact details, position and employment details), details of the (alleged) breaches of conduct and the relevant facts. As the "WEISS Group" reporting procedure stipulates that reports can be made anonymously, no personal data is collected unless the whistleblower states otherwise. Otherwise, personal data such as the name of the reporting person, their contact details and, if applicable, the circumstances of their observation may be considered.

The purpose of data processing is to provide a reporting system (in particular for our data protection customers) as part of the whistleblower system for receiving and clarifying serious suspected cases of breaches of regulations, in particular criminal offences in the area of white-collar crime and corruption.

Personal data of the whistleblower is generally processed on the basis of Art. 6 para. 1 lit. c GDPR in conjunction with Section 12 HinSchG. In other cases, the processing of personal data in the whistleblower system is carried out on the basis of Art. 6 para. 1 lit. f GDPR to safeguard the overriding legitimate interest of the "WEISS Group". This legitimate interest lies in preventing and combating corruption and in processing serious suspected cases of other breaches of rules in connection with the "WEISS Group" and its employees, thereby protecting the "WEISS Group" from possible damage. Since the reporting of violations helps to avoid legal consequences such as criminal prosecution, claims for damages and immense damage to the company's image, the interests of the data subjects worthy of protection in the exclusion of processing or use do not prevail.

The "WEISS Group" always ensures that your personal data is only accessible to a limited number of authorised persons who need to know this data in order to provide the above-mentioned processing purposes.

In order to clarify and investigate the report, the data from the input screen of the contact form will be passed on anonymously to the company concerned in the report. This means that no personal data is passed on to our client.

Your personal data will not be passed on or otherwise transferred to third parties unless this is necessary for the purposes of criminal prosecution. If required by law or orders of state bodies, personal data may be disclosed to them.

Personal data will be retained for the period necessary to clarify and finalise the assessment of the report. Once the investigation has been completed, the personal data will be deleted within a reasonable period of regularly 1 month and in accordance with the legal requirements. In the event that judicial and/or disciplinary proceedings are initiated, the data may be stored until the conclusion of the proceedings or until the expiry of the time limits for legal remedies. Personal data in connection with unfounded reports will be deleted immediately.

Data protection provisions about the application and use of Facebook

The WEISS Group has integrated components of the company Facebook on this website or uses a Facebook account (fan page).

Facebook is a social network.

A social network is a social meeting place operated on the Internet, an online community that generally enables users to communicate with each other and interact in virtual space. A social network can serve as a platform for the exchange of opinions and experiences or enable the Internet community to provide personal or company-related information. Facebook enables social network users to create private profiles, upload photos and network via friend requests, among other things.

The operating company of Facebook is Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller for the processing of personal data is Meta Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. A complete overview of all Facebook plug-ins can be accessed at https://developers.facebook.com/docs/plugins/?locale=de_DE . As part of this technical process, Facebook receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Facebook at the same time, Facebook recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Facebook component and assigned by Facebook to the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated on our website, for example the "Like" button, or if the data subject submits a comment, Facebook assigns this information to the personal Facebook user account of the data subject and stores this personal data.

Facebook always receives information via the Facebook component that the data subject has visited our website if the data subject is logged in to Facebook at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Facebook component or not. If the data subject does not want this information to be transmitted to Facebook, they can prevent the transmission by logging out of their Facebook account before accessing our website.

The data policy published by Facebook, which is available at https://de-de.facebook.com/about/privacy/ , provides information about the collection, processing and use of personal data by Facebook. It also explains the setting options Facebook offers to protect the privacy of the data subject. In addition, various applications are available that make it possible to suppress the transmission of data to Facebook. Such applications can be used by the data subject to suppress data transmission to Facebook.

Data protection provisions about the application and use of Instagram

On this website, the controller has integrated components of the Instagram service or uses an Instagram account. Instagram is a service that qualifies as an audiovisual platform and enables users to share photos and videos and also to redistribute such data in other social networks.

The operating company of the Instagram services is Meta Platforms Inc, 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the controller for the processing of personal data is Meta Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which an Instagram component (Insta button) has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Instagram component to download a representation of the corresponding Instagram component. During the course of this technical procedure, Instagram is made aware of what specific sub-page of our website was visited by the data subject.

If the data subject is logged in to Instagram at the same time, Instagram recognises which specific sub-page the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Instagram component and assigned by Instagram to the respective Instagram account of the data subject. If the data subject clicks on one of the Instagram buttons integrated on our website, the data and information transmitted with it is assigned to the personal Instagram user account of the data subject and stored and processed by Instagram.

Instagram always receives information via the Instagram component that the data subject has visited our website if the data subject is logged in to Instagram at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Instagram component or not. If the data subject does not want this information to be transmitted to Instagram in this way, they can prevent the transmission by logging out of their Instagram account before accessing our website.

Further information and the applicable data protection provisions of Instagram can be found at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy/.

Data protection provisions about the application and use of Xing

On this website, the controller has integrated components of Xing or uses a Xing profile. Xing is an Internet-based social network that enables users to connect with existing business contacts and to make new business contacts. Individual users can create a personal profile for themselves on Xing. Companies can, for example, create company profiles or publish job offers on Xing.

The operating company of Xing is XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Xing component (Xing plug-in) has been integrated, the Internet browser on the information technology system of the person concerned is automatically prompted by the respective Xing component to download a representation of the corresponding Xing component from Xing. Further information about the Xing plug-ins may be accessed under dev.xing.com/plugins. As part of this technical process, Xing receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to Xing at the same time, Xing recognises which specific subpage of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the Xing component and assigned by Xing to the respective Xing account of the data subject. If the data subject clicks on one of the Xing buttons integrated on our website, for example the "Share" button, Xing assigns this information to the personal Xing user account of the data subject and stores this personal data.

Xing always receives information via the Xing component that the data subject has visited our website if the data subject is logged in to Xing at the same time as accessing our website; this takes place regardless of whether the data subject clicks on the Xing component or not. If the data subject does not want this information to be transmitted to Xing in this way, they can prevent the transmission by logging out of their Xing account before accessing our website.

The data protection provisions published by Xing, which can be accessed at https://www.xing.com/privacy, provide information about the collection, processing and use of personal data by Xing. Xing has also published data protection information for the XING share button at https://www.xing.com/app/share?op=data_protection.

Data protection provisions about the application and use of LinkedIn

On this website, the controller has integrated components of LinkedIn Corporation or uses a LinkedIn profile. LinkedIn is an Internet-based social network that enables users to connect with existing business contacts and make new business contacts. Over 400 million registered people use LinkedIn in more than 200 countries. This makes LinkedIn currently the largest platform for business contacts and one of the most visited websites in the world.

The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection matters outside the USA.

Each time you visit our website, which is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser used by the data subject to download a corresponding representation of the LinkedIn component. Further information on the LinkedIn plug-ins can be found at developer.linkedin.com/plugins As part of this technical process, LinkedIn receives information about which specific subpage of our website is visited by the data subject.

If the data subject is logged in to LinkedIn at the same time, LinkedIn recognises which specific sub-page of our website the data subject is visiting each time the data subject accesses our website and for the entire duration of their stay on our website. This information is collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject clicks on one of the LinkedIn buttons integrated on our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores this personal data.

LinkedIn always receives information via the LinkedIn component that the data subject has visited our website if the data subject is logged in to LinkedIn at the same time as accessing our website; this occurs regardless of whether the data subject clicks on the LinkedIn component or not. If the data subject does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their LinkedIn account before accessing our website.

LinkedIn offers the option to unsubscribe from email messages, SMS messages and targeted ads and to manage ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The applicable data protection provisions of LinkedIn may be retrieved under https://www.linkedin.com/legal/privacy-policy LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy.

USE OF GOOGLE ANALYTICS

The nature and purpose of the processing:

This website uses Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (hereinafter referred to as: "Google"). Google Analytics uses so-called "cookies", i.e. which are text files stored on your computer and which analyse how you use a website. The cookie-generated data regarding your use of this website will generally be forwarded to a Google server in the USA and stored there. Based on the activation of the IP anonymisation on this website, your IP address will be truncated by Google within the Member States of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server based in the USA and shortened. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. The IP address provided by your browser as part of Google Analytics will not be merged with other Google data.

The purposes of the data processing are to evaluate the use of the website and to compile reports on activities on the website. Based on the use of the website and the Internet, further related services are then to be provided.

Legal basis:

The processing of data is based on the consent of the user (Art. 6 Para.1 lit. a GDPR).

Recipient:

The recipient of the data is Google as the processor of the order. We have concluded the corresponding contract with Google for this purpose.

Duration of storage:

The data is deleted as soon as it is no longer required for our recording purposes.

Third country transfer:

Google also processes your data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Provision prescribed or necessary:

The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may result in functional restrictions on the website.

Revocation of consent:

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing the browser plugin available under the following link. Browser Add On to deactivate Google Analytics.

Additionally or as an alternative to the Browser Add-On you can disable tracking by Google Analytics on our pages by clicking this link. This will install an opt-out cookie on your device. This prevents Google Analytics from tracking this website and this browser in the future as long as the cookie remains installed in your browser.

Profiling:

The tracking tool Google Analytics can be used to evaluate the behaviour of website visitors and analyse their interests. For this purpose we create a pseudonymous user profile.

USE OF SCRIPT LIBRARIES (GOOGLE WEBFONTS)

USE OF SCRIPT LIBRARIES (GOOGLE WEBFONTS)

In order to display our content correctly and graphically appealing across browsers, we use "Google Web Fonts" from Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter "Google") on this website to display fonts.

The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/

Legal basis:

The legal basis for the integration of Google Web Fonts is your consent (Art. 6 para. 1 lit. a GDPR).

Recipient:

Calling up script libraries or font libraries does not trigger a connection to the library operator. The necessary data for calling up the Google fonts used are stored on our web server.

Duration of storage:

We do not collect any personal data by integrating Google Webfonts.

Further information on Google's web fonts can be found at https://developers.google.com/fonts/faq and in Google's data privacy policy:  https://www.google.com/policies/privacy/.

Third country transfer:

Through the local integration of the fonts via our own web server, there is no third country transfer of your data.

Provision prescribed or necessary:

The provision of personal data is not required by law or contract. However, it may not be possible to display the content correctly using standard fonts.

Revocation of consent:

The programming language JavaScript is regularly used to display the content. You can therefore object to the data processing by deactivating the execution of JavaScript in your browser or installing a JavaScript blocker. Please note that this may result in functional restrictions on the website.

Google reCAPTCHA

Nature and purpose of the processing
In our internet presence we use Google reCAPTCHA to check and avoid interactions on our website through automated access, e.g. through so-called bots. This is a service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter only "Google".

Legal basis:
The legal basis is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in the security of our Internet presence and in the prevention of unwanted, automated access in the form of spam or similar.

Recipient:

The recipient of the data is Google as the processor of the order. We have concluded the corresponding contract with Google for this purpose.

This service enables Google to determine from which website a request is sent and from which IP address you are using the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information that is necessary for the offer and guarantee of this service. 

Duration of storage:

The data is deleted as soon as it is no longer required for our recording purposes.

Third country transfer:

Google also processes your data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Google offers further information on the general handling of your user data at https://policies.google.com/privacy 

Routine deletion and blocking of personal data

The controller shall process and store personal data relating to the data subject only for the time necessary to achieve the purpose of storage or where provided for by the European Directive and Regulation or by any other law or regulation to which the controller is subject.

If the purpose for storage ceases to apply or if a storage period prescribed by the European Directive and Regulation legislator or any other competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

SSL Encryption

To protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS.

Changes to our Privacy Policy Regulations

We reserve the right to adapt this data privacy policy so that it always meets the current legal requirements or to implement changes to our services in the data privacy policy, e.g. when introducing new services. The new data protection declaration then applies to your renewed visit.

Questions to the data protection officer

If you have any questions regarding data protection, please send us an e-mail or contact the person responsible for data protection in our organisation directly:

WEISS-Druck GmbH & Co. KG
Data protection officers
Hans-Georg-Weiss-Straße 7
52156 Monschau

datenschutz(at)weiss-druck(dot)de