Privacy Policy

last updated: 07. May 2020

Introduction

We are glad that you are on our site and that you are interested in our work and our company. In the following we would like to explain to you how we handle your personal data. Much of this we have to explain in great detail, which means that the privacy policy is often not read. In order to counteract this, we would like to briefly point out the most important points to you in advance.

The main points

  1. We do not use Google Analytics or any other external analysis software. This is especially important to us, because we do not want to support the trade in personal data. But of course it is important to us how our site and our products are used. Knowing this allows us to develop in a customer-oriented way and so provide you with useful improvements. For this reason, we collect data on usage behavior ourselves. As far as technically possible, the data will be anonymised before evaluation and otherwise pseudonymised. So you can use our site without any worries and we understand what our customers need, without passing on your personal data.

  2. All our systems and data transmissions are encrypted. We know that no system can be completely secure. For this reason, we give a lot of thought to how we can protect your data from unauthorized access. Secure transmission between our systems and the encrypted storage of personal data are a matter of course for us.

  3. Your data is valuable to you and must therefore be secure. It is bad when the work of a week, a day or even a few hours suddenly disappears or is destroyed. By making an encrypted copy of your data, we can back up your data and still ensure that only you have or can grant access to it.

If you have more questions about data protection or want to know exactly how we handle your data, then just read on or contact us. You can find our contact details under legal notices or here. We are also the responsible persons in terms of the DSGVO:

WeValCo GmbH
Hauptstrasse 21a
90522 Oberasbach

You can also use our contact form.

Definitions

Below you will find an explanation of frequently used terms. The source of the information is always behind the explanation, so that you can get further information there if necessary.

Personal data (DSGVO Art. 4)

… is all the information,

  • which relates to an identified or identifiable natural person (hereinafter referred to as ‘person concerned’);

  • which is an expression of the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

An identifiable person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identification or one or more special characteristics.

Processing (DSGVO Art. 4)

… means any operation or set of operations, performed with or without the use of automated means, concerning personal data, such as collection, recording, organisation, ordering, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.

Restriction of processing (DSGVO Art. 4)

… is the marking of stored personal data with the aim of limiting their future processing.

Profiling (DSGVO Art. 4)

… shall mean any automated processing of personal data which consists in the use of personal data to evaluate certain personal aspects relating to a natural person, in particular with a view to analysing or predicting aspects relating to the performance of work, the economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or movements of that natural person.

Pseudonymisation (DSGVO Art. 4)

… means the processing of personal data in such a way that the personal data cannot be related to a specific person concerned without the provision of additional information, provided that this additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data is not related to an identified or identifiable natural person.

Anonymised data (DSGVO recital 26)

… is information which does not relate to an identified or identifiable natural person, or personal data which has been rendered anonymous in such a way that the person concerned cannot be identified or can no longer be identified.

Person responsible (DSGVO Art. 4)

… is the natural or legal person, public authority, agency or other body which alone or together with others determines the purposes and means of the processing of personal data.

Contract processors (DSGVO Art. 4)

… is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the responsible person.

Receiver (DSGVO Art. 4)

… is any natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, authorities which may receive personal data in the context of a specific investigation task under union or national law shall not be considered as recipients; the processing of such data by those authorities shall be carried out in accordance with the applicable data protection rules and in accordance with the purposes of the processing.

Third party (DSGVO Art. 4)

… shall mean any natural or legal person, public authority, agency or any other body except the person concerned, the responsible person, the contract processors and those persons who, under the direct authority of the responsible person or the contract processor, are authorized to process personal data.

Consent of the person concerned (DSGVO Art. 4)

… shall mean any freely given, informed and unequivocal expression of will in the specific case, in the form of a declaration or any other unequivocal affirmative act by which the person concerned signifies his or her agreement to the processing of personal data relating to him or her.

Cookie

Is a text file in which information is stored. This file is stored on the computer of a person concerned. This file can be edited and evaluated from the server and from the web browser. It is used, for example, to store logon information and individual settings. There are technically necessary cookies, without which a website will not function, and optional cookies. The latter are used, for example, to log usage behaviour. Each person concerned therefore has the right to decide for himself or herself whether or not to activate optional cookies. It is not permissible to require the person concerned to switch off optional cookies first (ECJ, 01.10.2019: C-673/17).

IP masking

Is a pseudonymization procedure in which the last digits of an IP address are removed. As a result, the address can no longer be assigned to an individual user. The assignment then refers to an entire region.

Overview of the processing activities

Below you will find a list of processes for which we require personal data.

  • Provision of the website (e.g. login, IP addresses, server log files)

  • Contact options via e-mail, post, telephone, feedback and contact form (e.g. name, telephone number, address and anything else you can tell us)

  • Commercial aspects such as payment, contracts and accounting (e.g. name, address, bank details, contract data)

Lawfulness of processing (DSGVO Art. 6)

According to the law, personal data may only be processed if one of the following conditions is met. The following is an extract of conditions relevant to us. All other conditions can be found in the above mentioned law.

Consent

The person concerned has given his/her consent to the processing of personal data relating to him/her for one or more specified purposes.

Performance of the contract

The processing is necessary for the performance of a contract to which the person concerned is party or in order to take steps at the request of the person concerned prior to entering into a contract.

Legal obligation

The processing is necessary for compliance with a legal obligation to which the responsible person is subject.

Public interest

The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the responsible person.

Legitimate interest

The processing is necessary (with limitations) to protect the legitimate interests of the responsible person or of a third party.

Rights of the person concerned (DSGVO Art. 12 – 23)

You, as a person concerned, have the right

  • to receive, upon request and free of charge, information about the origin, recipient and purpose of your personal data;

  • to demand the correction of false data;

  • to have your data deleted or its processing restricted;

  • to revoke any consent to processing once given;

  • to receive your submitted personal data in a structured, common and machine-readable form;

  • to report DSGVO infringements to a competent supervisory authority.

If you have any questions regarding our data protection or if you wish to exercise your rights, please contact us. You can find our contact details at the beginning of this statement or in our legal notes.

Please note that further restrictions or rights may also result from national regulations on data protection – in Germany, for example, the Federal Data Protection Act (BDSG) or the data protection laws of the individual federal states.

Security measures

In order to protect your data appropriately, we implement a variety of technical and organisational measures. These measures include access controls, pseudonymisation, anonymisation and encryption.

  • We use SSL encryption for secure data transmission, which you can recognize by the prefix https:// and the lock symbol in the address bar of your browser. All our internal connections between services and computers are also encrypted.

  • As far as it is technically and legally possible for us, we shorten your IP address so that an exact assignment to you is prevented.

  • Our backups are encrypted and we use security measures to protect them against unauthorized access.

  • Our systems are redundant to minimise any failure of our services and to safeguard your data and your access to it.

  • All internal systems and data are protected against unauthorized access.

Data collection and processing

Cookies

We use cookies in order to offer you our services and to implement legal requirements (technically necessary cookies) and to analyse the behaviour of our users on the site (optional cookies). You can agree to the use of optional cookies (if available) and help us to improve our services. Once you have given your consent, you can also revoke it at any time.

Cookies are text files that are stored on your computer and can be written and read by both the browser and the server. They are transferred when you visit a website and contain various information. We delete some of the cookies at the end of your visit to our website. Other cookies remain on your computer so that we recognize you the next time you visit our website and you do not have to change certain settings again. You can delete these cookies manually or automatically and regularly via your browser.

The processing is based on:

  • Art. 6 para. 1 lit. f DSGVO, as we have a legitimate interest in providing you with our content without errors.

  • Art. 6 para. 1 lit. e DSGVO, since a public interest may exist.

  • Art. 6 para. 1 lit. a DSGVO if you have given us your consent.

Server log files

We store and process some of the data that your browser automatically sends to us. This includes:

  • IP address for up to seven days for the traceability of crimes or attacks, then anonymised by IP-masking, unless there are legal regulations that make longer storage necessary

  • Browser name and version, operating system and architecture (e.g. Windows 10 Pro 64Bit)

  • Visited page

  • Timestamp

If required by law, we have to store some of this data. This can be e.g. the IP addresses with port and time stamp, in order to provide law enforcement agencies with the information necessary for criminal prosecution. Other information we need in order to make the contents of our website available and to optimise them. The server log files are stored and evaluated separately from other personal data.

The processing is based on:

  • Art. 6 para. 1 lit. f DSGVO, as we have a legitimate interest in providing you with our content without errors.

  • Art. 6 para. 1 lit. e DSGVO, since a public interest may exist.

Contact form

The contact form offers you a safe and easy way to get in touch with us. The data you enter there will be transmitted encrypted and saved. We use a role concept in order to make your data available for processing only to a responsible group of people. At the end of each case or if you object to processing in the meantime, we will delete your data transmitted in this way.

The basis for processing depends on your request:

  • If you have given us your consent (Art. 6 para. 1 lit. a DSGVO)

  • If the request concerns a contractual object (Art. 6 para. 1 lit. b DSGVO)

  • Because we have a legitimate interest in sending you an answer as soon as possible (Art. 6 para. 1 lit. f DSGVO)

Inquiry by e-mail, telephone or mail

If you contact us by e-mail, telephone or mail, we cannot guarantee secure transmission of the data. It is at your discretion to send us the data in this way. In order to process your request, we will store the data you send us and process it for this purpose. We use a role concept in order to make your data available for processing only to a responsible group of people. At the end of each case or if you object to processing in the meantime, we will delete the data you have submitted in this way.

The basis for processing depends on your request:

  • If you have given us your consent (Art. 6 para. 1 lit. a DSGVO)

  • If the request concerns a contractual object (Art. 6 para. 1 lit. b DSGVO)

  • Because we have a legitimate interest in sending you an answer as soon as possible (Art. 6 para. 1 lit. f DSGVO)

Cloud services

We use cloud services, e.g. for sending e-mails, spreadsheets, accounting, storage and computing capacity, document management and communication. We may use some of your personal information to provide the Website, issue invoices or communicate with you. As far as it is technically possible, we encrypt the stored data and use encrypted connections. We have concluded an order processing contract (AVV) with the cloud service providers, which regulates their rights and obligations.

The basis of the processing depends on the data being processed:

  • If you have given us your consent (Art. 6 para. 1 lit. a DSGVO)

  • If the request concerns a contractual object (Art. 6 para. 1 lit. b DSGVO)

  • Because we have a legitimate interest in providing you with a requested service (Art. 6 para. 1 lit. f DSGVO)

  • Because a public interest may exist (Art. 6 para. 1 lit. e DSGVO)

Analysis and optimization

We test, analyze and optimize our website and services. For this purpose we use pseudonymised or anonymised data which we obtain from the usage behaviour of our visitors. It is our aim to process only anonymised data for this data processing. Unfortunately, this is not always technically possible, which is why we also use pseudonymised data and make it anonymous for this data processing as quickly as possible.

We are of the opinion that there should be no business with personal data. Therefore, we do not use external providers (such as Google Analytics) to evaluate and analyze your data. All evaluations and analyses are done by ourselves and serve only to improve our offer for our users and therefore you as well.

The basis of the processing depends on the data being processed:

  • If you have given us your consent (Art. 6 para. 1 lit. a DSGVO)

  • Because we have a legitimate interest in improving our services (Art. 6 para. 1 lit. f DSGVO)

  • Because it is not data protection-relevant information (DSGVO recital 26)

Deletion and blocking of personal data

If we process personal data from you, it is deleted as soon as the purpose of the processing no longer applies. For example, if you ask us a question via the contact form and we have answered this question to your satisfaction, the purpose of keeping the data for a longer period of time will no longer apply and we will delete your data. This approach results from the DSGVO, but it also fits in very well with our values of working efficiently and conserving resources.

However, the processing of your data may also result in a purpose that does not allow for deletion. For example, you use the contact form to request that we conclude a contract with you. In this case, the data from the enquiry will still be relevant for booking purposes after conclusion of the contract and must be retained. In this case, your data will only be deleted after the statutory retention period of 6 or 10 years (see §147 AO). This data will be blocked for all other processing purposes.

The basis of the processing depends on the data being processed:

  • If you have given us your consent (Art. 6 para. 1 lit. a DSGVO)

  • If the request concerns a contractual object (Art. 6 para. 1 lit. b DSGVO)

  • Because we have a legitimate interest in providing you with a requested service (Art. 6 para. 1 lit. f DSGVO)

  • Because a public interest may exist (Art. 6 para. 1 lit. e DSGVO)

Revisions of the privacy policy

As we would like to constantly improve and expand our services, we will also adapt our data protection declaration. New and changed systems are followed by a change in processing activities and therefore an adjustment of the data protection declaration is necessary. Therefore, please check this page regularly and inform yourself about changes. We will inform you in time about any changes that make your consent necessary or change an already given consent. Thank you for your interest in our company and our services. If you have any hints, suggestions or questions, please do not hesitate to contact us, we are looking forward to hearing from you!

Thank you very much for your visit and have fun!
Your WeValCo-Team