Data protection statement

Data protection statement

1. Subject matter of this data protection statement

We are glad that you are interested in our website and the offers that can be found here.
The protection of your personal data (hereinafter referred to in short as “the data”) is a great and important concern for us. Therefore, we would like to provide you below with detailed information regarding which data are collected when you visit our website and use the offers therein and how these data are later processed or used by us, as well as what accompanying protection measures we have adopted on a technical and organisational level.

2. Controller/service provider

According to Art. 4 of the EU GDPR the controller and at the same time, service provider as defined by the German Telemedia Act (Telemediengesetz, TMG) is Karl Wörwag Lack- und Farbenfabrik GmbH & Co. KG, Strohgäustraße 28, 70435 Stuttgart, Tel. +49 711 8296-0, Fax+49 711 8296-1222, e-mail: info@woerwag.de. The controller is represented by Mr Georg Saint-Denis, CEO, who is, at the same time, responsible according to Article 55 of the State Broadcasting Treaty.
The service of data protection office has been assigned to Mr Ulrich Emmert, Schockenriedstr. 8A, Tel. +49 711 496058-0, Telefax+49 711 469058-99, e-mail: datenschutz@woerwag.de.

3. Collection and use of your data

All personal data which we learn about you in the course of your use of our website are collected, processed and used only for the indicated purpose. Thereby, we take into account that the above is performed only within the framework of the valid legal regulations or, if necessary, only with your consent.

Please, write to info@woerwag.de or send us your request by post.

The data are processed only within the EU and the European Economic Area, unless the transfer to a third country is notified subsequently or directly upon data collection, including the relevant legal basis and if necessary, a consent will be requested. The provisions on a legal basis for international data transfer and for the necessary requirements can be received from us upon request.

Automatic individual decisions to process personal data are not taken.

The scope and type of collection and use of your data are different if you visit our website just to find information or to use the services we offer:

a) Using information

It is generally not required to provide personal data when using our website only for informational purposes.
In this case we rather collect and use only those data which your browser transfers to us automatically, such as:

  • date and time of the visit to one of our websites
  • browser type
  • browser settings
  • operating system used
  • your last visited websites
  • data volume transferred and access status (files transferred, files not found, etc.), and
  • your IP address.

In the case of an informational visit, we collect and use these data only in a depersonalised form. We do this to facilitate the use of websites you visit in general, for statistical purposes and to improve out internet offer. We save the IP address only for the duration of your visit, there is no personal analysis. We do not combine these data with other data sources and moreover, the data are deleted after a statistical analysis subject to the cases described below. According to the decision of the Federal Supreme Court dated 16th May 2017 (AZ VI ZR 135/13), based on the decision of the European Court of Justice dated 19th October 2016 (AZ C 582/14) and also in view of the Telemedia Act, it is permitted after use, if its collection and use is necessary to ensure the general functionality of the service and if the requirement of anonymous use prevails after careful consideration of the user’s interests. The statistical analysis is required to monitor the patterns of access to websites by individual IP addresses which could execute denial of service attack. Only in the case of abuse or disruption defined as the abuse of the underlying signal transfer according to Section 100 of the German Telecommunications Act (Telekommunikationsgesetz, TKG) are individual IP addresses saved further. In this case the internal data protection officer, the Federal Commissioner for Data Protection, and Freedom of Information and the Federal Network Agency are informed according to Section 100 of the TKG.

The legal basis for this transfer or saving is Art. 6 (I)(b) or Art. 6 (I)(f) of the GDPR in conjunction with Section 15 of the TMG or Section 100 of the TKG, respectively.

b) Using offers

If you would like to use the services we offer on our website or otherwise after contacting us, it might be necessary that you provide more data. These are data which are required for relevant processing according to Art. 6 (I)(b) of the GDPR, otherwise we would not be able to provide the desired service. Other offers are covered by Annex 2, if applicable.

Additional data can be provided voluntarily, optional input slots are marked accordingly.

Your data are collected or used for the purpose of providing the service you require. This also includes, e.g., enquiries by our contact form.

If providing data is prescribed by law, we shall notify you about this.

If necessary, your data shall be forwarded for the above-mentioned purpose to the service providers who support us and whom we have carefully selected and obligated to comply with the EU GDPR.

Your data will only be forwarded to other third parties if it is permitted by law or if we have received your clear consent.

4. Consent under data protection law

To process your data, we need your consent for processing data according to Art. 6 (I)(a) of the GDPR. We ensure that we always process and use data only for the purpose mentioned during their collection.

You can provide your consent separately in relation to the relevant data collection. Later you can revoke the consent at any time with future effect.

The consent for receiving a newsletter refers to Art. 5, consent for cookies or web tracker refers to the below-mentioned Art. 6 of this statement.

5. Newsletter

To be able to subscribe you to our electronic newsletter service, we need your consent under data protection law according to Art. 6 (I)(a) of the GDPR and at least your e-mail address where we should send the newsletter. Any other data are voluntary and will be used to enable us to contact you personally and adjust the newsletter content to your needs, as well as clarify the queries. We will only use the data to send the newsletter.

To send the newsletter we normally use the ‘double opt in’ procedure, that is, we will only send you the newsletter when you confirm your subscription beforehand by clicking the link contained in the confirmation e-mail sent to you for this purpose. In this way, we want to ensure that you can subscribe yourself to the newsletter as the owner of the provided e-mail address. Your respective confirmation must be sent shortly after the receipt of the confirmation e-mail, otherwise your newsletter subscription will be automatically deleted from our data base.

You can unsubscribe from any subscribed newsletter at any time. For this purpose, you can send us an informal e-mail to info@woerwag.de or perform the cancellation by the link provided at the end of the newsletter.

6. Use of cookies

We use cookie technology for our website. Cookies are small text files which our web server sends to your browser when you visit our website. They are saved by your browser on your PC for later retrieval. We also use ‘web beacons’ (invisible graphics). Information such as your visit to our website can be analysed by the web beacons.

This information can also be forwarded by advertising partners to other contractual partners subject to the above-mentioned requirements. The forwarded data cannot be combined with your other saved data. yes

The advertising partners or companies to which the advertising information is forwarded can also be located in countries outside the European Union and European Economic Area (subject to data transfer requirements of the GDPR according to Art. 44-47, standard contract clauses of the EU and/or EU-US Privacy Shield in the case of the USA).

You can determine in the settings of your browser whether cookies can be set and retrieved. You can entirely deactivate saving of cookies on your browser, limit it to specific websites or configure your browser so that it will automatically notify you as soon as a cookie is to be set and it will ask you for feedback. However, due to technical reasons it is required for the full functionality of our website to permit ‘session cookies’.

When you use the login area on the homepage, the account name and correct input of the password are recorded and a session cookie is transferred to the user. This is deleted when you log out or when the maximum session period expires (within several hours).

You will be informed if we permit a login service through a third party provider, allowing them to log in to a protected area. In this case the standard information or the information determined by the user in the settings of the provider’s login will be transferred to us, however, at least a name, e-mail address and date of birth to fulfil the obligations required by Art. 8 and 32 of the GDPR.

According to Art. 13 of the EU GDPR, we take into account the regulation of Art. 6 (I)(f) of the GDPR in conjunction with Section 15 (3) of the TMG and refer to this data protection statement and the use of cookies in the proper form when the use starts. If it is required by law, we will obtain your consent for the use of cookies in advance according to Art. 6 (I)(a) of the GDPR.

7. Right to object

According to Art. 21 of the EU GDPR you can object to processing of your data in the cases mentioned therein. This shall apply, in particular, in the cases of processing based on Art. 6 (I)(e) or Art. 6 (I)(f) or in the form of direct advertising or profiling.

8. Security of data

Moreover, we introduce technical and organisational security measures to protect incoming or collected personal data, in particular, against coincidental or deliberate manipulation, loss, destruction or against access by unauthorised persons. Our security measures are continuously improved according to technological developments.

We have provided you with different online forms and services where you can send personal data to us. These forms are protected against inspection by third parties by the use of TLS encryption. The data which you input or transfer to us as files can be saved and processed by us after it is agreed. If the use and processing require a consent of the user or third party, the consent can be revoked at any time without providing reasons. However, in this case our performance of the contract may be impeded.

Depending on the service, you may be required to input different data for identification or prevention of abuse:

a) For identification in the case of supply of data, you may be required to input a user-specific identification or another suitable authentication. The data are protected by SFTP or HTTPS against use by third parties according to Art. 32 (I)(a) and (b) of the GDPR, if the user deploys the method of transferring data recommended by us.

b) To prevent being used by machines, ‘CAPTCHAS’ may be used according to Art. 32 (I)(b) of the GDPR. They contain images or tasks which cannot be processed by computer scripts.

9. Deleting periods

We store personal data according to Art. 17 of the GDPR only for as long as the purpose of data saving lasts. This does not apply if the user has voluntarily approved a longer processing of data or the deletion is prevented by legal retention periods or possible enforcement of legal claims within the pending statute of limitations (in the case of contradictory retention periods and statute of limitations periods it can become necessary that the processing of data must be restricted according to Art. 18 of the EU GDPR).

10. User rights

According to applicable laws, you have various rights in regards to your personal data. If you would like to exercise these rights, please address your request by e-mail or by post to the address stated above for the controller and provide clear identification.

In the following, you will find an overview of your rights.

a) Right to confirmation and information

You have the right to receive a confirmation from us at any time regarding whether your personal data is being processed. If this is the case, you have the right to receive information at no charge about your stored personal data and a copy of any such data. In addition, you have the right to the following information:
1.    the purposes for the processing;
2.    the categories of personal data that are being processed;
3.    the recipients or categories of recipients to whom the personal data has been disclosed or is being disclosed, particularly for recipients in non-EU countries or in international organisations;
4.    if possible, the planned duration for the storage of the personal data, or if this is not possible, the criteria for the determination of this duration;
5.    any rights to correct or delete your personal data or to limit of the processing of such data by controllers or to refuse the processing of such data;
6.    any rights to file a grievance with a supervisory authority;
7.    if the personal data was not collected from you, all available information about the source of the data;
8.    the existence of any automated decisions, including profiling in terms of article 22 paragraphs 1 and 4 GDPR and – at least in such cases – significant information about the logic used in such decisions as well as the scope and intended effects of such processing for you.

If personal data is transferred to a non-EU country or an international organisation, you have the right to be informed of the respective guarantees in terms of article 46 GDPR in connection with such transfer.

b) Right to correction

You have the right to demand that we immediately correct any incorrect personal data. In consideration of the purposes of the collected data, you have the right to demand the completion of incomplete personal data – including by means of a supplemental declaration.

c) Right to deletion (“right to be forgotten”)

You have the right to demand that we immediately delete your personal data, and we are required to immediately delete personal data if any of the following reasons occur:
1.    The personal data is no longer required to achieve the purposes for which it was collected.
2.    You revoke the consent that allowed the processing according to article 6 paragraph 1 GDPR a) or article 9 paragraph 2 a) GDPR and there is no other legal basis for the processing.
3.    You submit an objection to the processing of your data in accordance with article 21 paragraph 1 GDPR and there are no overriding legal grounds for the processing, or you submit an objection to the processing in accordance with article 21 paragraph 2 GDPR.
4.    The personal data was unlawfully processed.
5.    The deletion of personal data is required under the legal provisions stated in EU law or the law of a member country to which we are subject.
6.    The personal data was collected in connection to information society services according to article 8 paragraph 1 GDPR.

There is no right to deletion if the processing is necessary
1.    to exercise the right to freedom of expression and information;
2. to fulfil a legal obligation to EU law or the laws of member countries to which the controller is subject, or to fulfil a task that is in the public interest or occurs in the exercise of official authority and requires a transfer of data from the controller;
3.    due to public interest in the area of public health according to article 9 paragraph 2 h) and i) or article 9 paragraph 3 GDPR;
4.    for archival purposes that affect the public interest or serve scientific or historical research purposes, or for statistical reasons according to article 89 paragraph 1 GDPR, if the relevant right is likely to make it impossible to realise the goals of such processing or to seriously hinder them.
5.    for the assertion, exercise or defence of legal claims.

If we have made the personal data public and if we are required by article 17 GDPR to delete it, we will take appropriate measures in consideration of the available technologies and their implementation costs to inform the parties responsible for the processing of the personal data that you have requested that they delete all links to such personal data, including copies or replications.

d) Right to the limitation of processing

You have the right to demand that we limit the processing of your data if one of the following conditions occurs:
1.    you contest the accuracy of the personal data (and such data has been stored for a period that has allowed us to check its accuracy),
2.    the processing is unlawful and, instead of deleting the personal data, you have decided to demand that the usage of such data be limited;
3.    we no longer require the personal data to achieve the purposes for which it was collected but you require the data to assert, exercise or protect legal claims, or
4.    you have submitted an objection to the processing of your data according to article 21 paragraph 1 GDPR, if it has not yet been determined whether our company’s legitimate purposes override your legitimate purposes.

If the processing of your personal data has been limited, such data – apart from its storage – can only be processed with your consent or for the exercise or protection of legal claims or to protect the rights of another natural or legal entity or for the purposes of an important public interest for the EU or a member country.

e) Right to data portability

You have the right to receive the personal data that we have been provided in a structured, conventional and machine-readable format, and you have the right to transfer such data to another controller through our company with no obstacles on our part, if
1.    the processing is being carried out based on a declaration of consent in accordance with article 6 paragraph 1 a) GDPR or article 9 paragraph 2 a) GDPR or an agreement in terms of article 6 paragraph 1 b) GDPR, and
2.    the processing takes place using automated procedures.
In exercising your right to data portability according to paragraph 1, you have the right to ensure that we transfer the personal data directly to another controller, if technically possible.
The right to data portability does not apply to the processing of personal data that is required for the completion of a task that is in the public interest or takes place as part of the exercise of public authority that has been required of the controller.

f) Right of refusal

You have the right to refuse at any time the processing of your personal data for purposes stated in article 6 paragraph 1 e) or f) GDPR for reasons arising from your personal situation; this also applies to profiling based on these provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for such processing that override your interests, rights and freedoms or if the processing serves the assertion, exercise or protection of legal claims.
If we process the personal data for the purpose of direct advertisement, you have the right to enter an objection at any time against the processing of such data for the purposes of such advertisement; this also applies to profiling, if it is in connection to such direct advertising.
You have the right to refuse at any time the processing of your personal data for scientific or historical research purposes or for statistical purposes in terms of article 89 paragraph 1 GDPR for reasons arising from your personal situation, unless such processing is necessary to fulfil a task that is in the public interest.

g) Automated decisions including profiling

You have the right to refuse to be subject to a decision that is based exclusively on automated processing, including profiling, that legally affects you or has any similar significant effect.

h) Right to revocation of a declaration of consent regarding personal data

You have the right to revoke a declaration of consent regarding the processing of personal data at any time.

i) Right to submit grievances to a supervisory authority

You have the right to submit grievances to a supervisory authority, particularly in the EU member country in which you live, where your place of work is located or in the location of the supposed infringement if you believe that the processing of your personal data is unlawful.

j) Right to information

If you have exercised the right to information, deletion or limitation of processing by the controller, such party is required to communicate this information, deletion or limitation of the processing to all recipients of the personal data, unless this is proven to be impossible or disproportionately difficult.
You have the right to be informed by the controller of any such recipients.

Appendix 1 Data protection policy for third party services

We may use third party services that transmit information in accordance with § 6 above.

The following services are used by us on the homepage:

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so called “cookies”, which are text files placed on your computer to help the website analyse how you use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf.

Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this you may not be able to use the full functionality of this website.

By using this website, you consent to the processing of data collected about you by Google in the manner and for the purposes set out above. For more detailed information in this regard, please go to tools.google.com/dlpage/gaoptout or to www.google.com/intl/de/analytics/privacyoverview.html (general information on Google Analytics and data protection).