Privacy Policy

for the WESA-Armaturen GmbH website

www.wesa-armaturen.de

1. General notes

In the following information, we would like to give you an overview of how we process your personal data as well as your rights under data protection laws. As a matter of principle, it is possible to use our web pages without entering any personal data. However, if you want to make use of the special services provided by our company via our website, processing of personal data may be necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain consent from you. The processing of personal data, for example your name, address or email address, is always in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to our company, such as the Federal Data Protection Act in Germany. By means of this Privacy Policy, we would like to inform you about the scope and purpose of the personal data collected, used and processed by us. We use data protection terms as defined in the GDPR. As the data controller, we have implemented numerous technical and organisational measures to ensure the most comprehensive protection of personal data processed through this website. Nevertheless, internet-based data transmissions can always have security gaps, so absolute protection cannot be guaranteed. For this reason, you are also free to submit personal data to us by alternative means, for example by telephone or by post.

2. Data controller

WESA-Armaturen GmbH
Spanninger Straße 5
73650 Winterbach near Stuttgart

Telephone +49 (0)7181 4040
Fax +49 (0)7181 40433

Web: www.wesa-armaturen.de
Email: info@wesa-armaturen.de

Representative for the data controller:
Managing Directors: Christoph F. Maier, Manuel J. Maier

Further contact details and information can be found in our Legal Notice.

3. Data Protection Officer

We have appointed a Data Protection Officer for our company.

Kulitz & Twelmeier GmbH
Magirus-Deutz-Str. 12,
89077 Ulm, Germany

Email: datenschutz@wesa-armaturen.de

You can contact our Data Protection Officer directly at any time with all questions and suggestions regarding data protection on our web pages.

4. Legal basis for the processing

Art. 6(1)(a) GDPR serves as the legal basis for processing operations for which we need to obtain your consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, such as in the case of processing operations that are necessary for the delivery of goods or the provision of another service or service in return, the processing is based on Art. 6(1)(b) GDPR. The same applies to such processing operations that are necessary for implementing pre-contractual measures, for example in cases of enquiries about our products or services.

If we are subject to a legal obligation according to which the processing of personal data becomes necessary, for example to comply with tax or commercial law obligations, the processing is based on Art. 6(1)(c) GDPR.

In rare cases, the processing of personal data might become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and, as a result, their name, age, health insurance details or other vital information needed to be passed on to a doctor, hospital or another third party. Then the processing would be based on Art. 6(1)(d) GDPR.

Ultimately, processing operations could be based on Art. 6(1)(f) GDPR. Processing operations are based on this legal basis if the processing is necessary to protect a legitimate interest of our municipality or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. We are permitted to carry out such processing operations, in particular because they have been specifically mentioned by the European legislator. In this respect, the latter took the view that a legitimate interest could be assumed if you are a customer of ours (Recital 47(2) GDPR).

5. Transmission of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only share your personal information with third parties if:

  1. You have given your express consent to this in accordance with Art. 6(1)(1)(a) GDPR,
  2. The disclosure is permissible in accordance with Art. 6(1)(1)(f) GDPR to protect our legitimate interests, and there is no reason to assume that you have an overriding interest worthy of protection by not disclosing your data,
  3. In the event that there is a legal obligation for the disclosure pursuant to Art. 6(1)(1)(c) GDPR, and
  4. This is legally permissible and necessary according to Art. 6(1)(1)(b) GDPR for the processing of contractual relationships with you.
  5. To protect your data and allow us to transfer data to third countries (outside the EU/EEA), where appropriate, we have entered into commissioned processing agreements based on the European Commission's standard contractual clauses.

6. Technology

6.1 SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login data or contact requests that you send to us, as the website operator. You can recognise an encrypted connection by the fact that "https://" appears in the address line for the browser instead of "http://" and by the lock symbol in your browser line. We use this technology to protect your transmitted data.

6.2 Data collection when visiting the website

When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the data that your browser transmits to our server and requires in order to display the pages correctly in your browser. Our website collects a series of general data and information each time you or an automated system access a page. This general data and information is stored in the server's log files. The following can be recorded:

  1. browser types and versions used,
  2. the operating system used by the accessing system,
  3. the website from which an accessing system arrives at our website (so-called referrer),
  4. the sub-websites that are accessed via an accessing system on our website,
  5. the date and time of access to the website,
  6. an abbreviated internet protocol address (anonymised IP address),
  7. the Internet service provider of the accessing system.

When using this general data and information, we do not draw any conclusions about who you are. Rather, this information is needed to:

  1. deliver the contents of our website correctly,
  2. optimise our website content and the advertising for this,
  3. ensure continuous operability of our IT systems and our website technology, and
  4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyber attack.

The data and information collected is therefore evaluated by us statistically, on the one hand, and on the other hand, with the aim of increasing data protection and data security during our administration processes, in order to ultimately ensure an optimal level of protection for the personal data we process. The anonymous data contained in the server log files are stored separately from any personal data provided by a data subject. The legal basis for data processing is Art. 6(1)(1)(f) GDPR and, in exceptional cases for reporting criminal offences, this is based on Art. 6(1)(e) GDPR. Our legitimate interest is in line with the data collection purposes listed above.

7. Cookies

7.1 General information about cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone or similar) when you visit our website.

In each case, information is stored in the cookie that results from the context of the specific end device used. However, this does not mean that we gain direct knowledge of your identity.

The use of cookies serves to make using our website more pleasant for you. We use so-called session cookies to recognise that you have already visited specific pages on our website. These cookies are automatically deleted after you leave our site.

In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our site again to use our services, these cookies automatically recognise that you have already been on our website as well as which entries and settings you have made, so that you do not have to enter them again.

On the other hand, we use cookies to statistically record information on how our website is used and to evaluate our offering to you for the purpose of optimisation. These cookies enable us to automatically recognise that you have already visited our website when you visit it again. Cookies set in this way are automatically deleted after a set period of time. The respective storage period for the cookies can be found in the settings for the consent tool used.

The legal basis for this data processing is your consent within the meaning of Art. 6(1)(1)(a) GDPR. You can revoke your consent to your data being used within the scope of our web analysis at any time with future effect.

The personal data we collect as part of our web analysis will be stored for 14 months and then deleted.

Of course, our entire website can also be used even if you do not give your consent.

7.2 How can I switch off or remove cookies?

You can opt in or out in the case of all cookies apart from the essential ones. In the browser settings, you can change the settings to block cookies. In most browsers, you will find an explanation of how to do this in the so-called "help function". However, if you block the cookies, you may not be able to use all our website’s technical features and this may have a negative effect on your user experience.

8. Our website content

8.1 Contact via contact forms

For questions of any kind, we offer you the option to contact us via a form provided on our website. You must provide a valid email address and a name, so that we know who the enquiry is from and so that we can answer it. Any further data that is collected can be seen from the respective contact form. This data is stored and used exclusively for the purpose of answering your request or for contacting you as well as the associated technical administration. The legal basis for the data processing is our legitimate interest in responding to your request in accordance with Art. 6(1)(f) GDPR.

If your aim in contacting us is to conclude a contract with us, the additional legal basis for the processing is Art. 6(1)(b) GDPR. Your data will be deleted after final processing of your enquiry; this is the case if it can be inferred from the circumstances that the matter in question has been conclusively clarified and provided that there are no statutory retention obligations to the contrary. Alternatively, you can contact us directly and informally, and ask us to delete the data.

8.2 Contact via email

If you contact us via one of the email addresses provided by us, the personal data you provide will be processed exclusively for the purpose of processing your respective enquiry, for correspondence with you, as well as for the possible initiation and substantiation of a contract with you pursuant to Art. 6(1)(1)(b) GDPR. The personal data collected will be automatically deleted after your enquiry has been dealt with; this is the case if it can be seen from the circumstances that the matter in question has been conclusively clarified and insofar as there are no statutory storage obligations to the contrary.

8.3 Contact for application purposes

If you send an application to us, we will process personal data about you for the purpose of your application for employment to the extent necessary to decide whether to establish an employment relationship between us. The legal basis for this is Art. 88 GDPR in conjunction with Section 26(1)(8)(2) of the Federal Data Protection Act (BDSG) as well as for contract fulfilment or pre-contractual measures according to Art. 6(1)(1)(b) GDPR. Furthermore, we may process your personal data insofar as this is necessary for the defence of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6(1)(f) GDPR; the legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG). Insofar as an employment relationship arises between you and us, we may further process the personal data already received from you for the purposes of establishing the employment relationship in accordance with Section 26(1) of the Federal Data Protection Act (BDSG), if this is necessary for the performance or termination of the employment relationship or for exercising or fulfilling existing statutory rights and obligations.

We process data related to your application that you send us. For this purpose, we make the email address karriere@wesaarmaturen.de available on our website specifically for this purpose, which can only be viewed by our HR department. We do not currently use any external applicant management systems in which we store these data. Your applicant data will not be transferred to a third country. We store your personal data for as long as is necessary to make a decision about your application. If an employment relationship between you and us is not established, we may also continue to store data to the extent that this is necessary for the defence against any legal claims. In this case, the application documents will be deleted two months after notification of the rejection decision, unless longer storage is necessary due to legal disputes.

9. Newsletter dispatch

On our website, you have the option to subscribe to our newsletter. Which personal data is transmitted to us when ordering the newsletter is determined by the input screen used for this purpose. We may occasionally inform our visitors, customers and business partners about our offers by means of a newsletter. You can only receive our newsletter if you have a valid email address and have registered to receive the newsletter. For legal reasons, a confirmation email will be sent to the email address you entered for the first time for the newsletter dispatch, using the double opt-in procedure. This confirmation email is used to check whether you, as the owner of the email address, have given your consent to receive the newsletter. When you register for the newsletter, we also store the IP address of the IT system used by you at the time of registration, as well as the date and time of registration, as assigned by your Internet service provider (ISP). The collection of this data is necessary in order to be able to trace any (potential) misuse of your email address at a later date and, therefore, provides us with legal protection.

The personal data collected in the context of registering for the newsletter is used exclusively for sending out our newsletter. Furthermore, subscribers to the newsletter could be informed by email if this is necessary for operating the newsletter service or an associated registration, as could be the case in the event of changes to the newsletter offering or a change in the technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. You can cancel your subscription to our newsletter at any time. Your consent to the personal data that you have given us being stored for the purpose of newsletter dispatch can be revoked at any time. A corresponding link to revoke your consent can be found in each newsletter. Furthermore, it is also possible to unsubscribe from the newsletter at any time directly on our website or to inform us of this in another way. The legal basis for data processing for the purpose of sending newsletters is your consent in accordance with Art. 6(1)(a) GDPR.

9.1 Dispatch with Sendinblue

We use Sendinblue to send out our newsletters. The provider is Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin, Germany. Sendinblue is a service that is used so that the sending of newsletters can be organised and analysed, among other things. The data you enter for the purpose of receiving the newsletter will be stored on Sendinblue's servers in Germany. If you do not want Sendinblue to analyse your data, you must unsubscribe from the newsletter. We provide a link for this in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website.

You can revoke the consent you have given at any time. You can also prevent the processing at any time by unsubscribing from the newsletter. You can also prevent the storage of cookies by setting your web browser accordingly. You can also prevent your personal data from being stored or transferred by deactivating JavaScript in your web browser or installing a JavaScript blocker (e.g. https://noscript.net or https://www.ghostery.com). We would like to point out that these measures may mean that not all the functions of our website are available. With the help of Sendinblue, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message has been opened and which links, if any, have been clicked on. In this way, we can determine, amongst other things, which links have been clicked on particularly frequently. In addition, we can see whether certain previously defined actions have been carried out after opening/clicking (conversion rate). This enables us to see, for example, whether you have made a purchase after clicking on the newsletter.

Sendinblue also allows us to divide the newsletter recipients into different categories (so-called "clustering"). The newsletter recipients can be subdivided according to age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.

For detailed information on the functions of Sendinblue, please refer to the following link: https://de.sendinblue.com/legal/privacypolicy/

The data processing is based on your consent in accordance with Art. 6(1)(a) GDPR. You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

The data you provide us with for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted from our servers as well as from the Sendinblue servers after you unsubscribe from the newsletter. Data stored by us for other purposes (e.g. email addresses for the members' area) remain unaffected by this. You can view Sendinblue's privacy policy at: https://de.sendinblue.com/datenschutz-uebersicht/.

9. Web analysis

9.1 Google Analytics

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited (https://www.google.de/intl/de/about/), Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). In this context, pseudonymised usage profiles are created and cookies (see point on "Cookies") are used. The information generated by the cookie about your use of this website, such as

  • the browser type/version,
  • the operating system used,
  • the referrer URL (the previously visited page),
  • the host name of the accessing computer (IP address) and
  • the time of the server request

are transferred to a Google server in the US and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with website and internet use for the purposes of market research and demand-oriented design of these web pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised, so allocation is not possible (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that, if you do this, you may not be able to use this website’s full functionality.

These processing operations are only carried out when explicit consent is given in accordance with Art. 6(1)(a) GDPR.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on the following link: Deactivate Google Analytics. An opt-out cookie will be set to prevent future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again. You can view the privacy policy for Google Analytics at: https://support.google.com/analytics/answer/6004245?hl=de.

9.2 Google Remarketing

We have included Google Remarketing services on this website. The operating company for the Google Remarketing services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Remarketing is a function of Google AdWords that enables a company to display advertisements to Internet users who have previously visited the company's website. The integration of Google Remarketing thus allows a company to create user-related advertising and consequently to display interest-relevant advertisements to the Internet user.

The purpose of Google Remarketing is to display interest-relevant advertising. Google Remarketing enables us to display advertisements via the Google advertising network or to have them displayed on other websites, which are tailored to the individual needs and interests of Internet users.

Google Remarketing sets a cookie on the data subject’s IT system. The cookie enables Google to recognise visitors to our website when they subsequently visit websites that are also members of the Google advertising network. Each time you visit a website into which the Google Remarketing service has been integrated, your internet browser automatically identifies itself to Google. As part of this technical process, Google obtains knowledge of personal data, such as your IP address or browsing behaviour, which Google uses, amongst other things, to display interest-relevant advertising.

By means of the cookie, personal information, for example the web pages visited by you, is stored. Every time you visit our website, personal data, including your IP address, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.

You can prevent the setting of cookies by our website, as described above, at any time by means of an appropriate setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting in the internet browser used would also prevent Google from setting a cookie on your IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, you have the option to object to interest-based advertising by Google. To do this, you must access the link www.google.de/settings/ads from the Internet browser you are using and make the desired settings there.

These processing operations are only carried out when explicit consent is given in accordance with Art. 6(1)(a) GDPR.

The privacy policy for Google Analytics Remarketing can be viewed at: https://www.google.de/intl/de/policies/privacy/.

10. Advertising

10.1 Google Ads with conversion tracking

We have integrated Google Ads into this website. The operating company for the Google Ads services is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads is an internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google Ads allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user views a keyword-relevant search result via the search engine. In the Google advertising network, the ads are distributed to topic-relevant websites by means of an automatic algorithm and in compliance with the previously defined keywords.

The purpose of Google Ads is to promote our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results shown by the Google search engine and to display third-party advertising on our website.

If you access our website via a Google advertisement, a so-called conversion cookie is stored on your IT system by Google. A conversion cookie loses its validity after thirty days and is not used to identify you. If the cookie has not yet expired, the conversion cookie is used to track whether certain sub-pages, for example the shopping basket of an online shop system, have been viewed via our website. The conversion cookie allows both us and Google to track whether a user who arrived on our website via an AdWords ad generated a sale, i.e. completed or cancelled a purchase.

The data and information collected through the conversion cookie are used by Google to compile visit statistics for our website. These visit statistics are in turn used by us to determine the total number of users who were referred to us via ads, i.e. to determine the success or failure of the respective ads and to optimise our ads in future. Neither our company nor other advertisers using Google Ads receive information from Google by means of which you could be identified.

By means of the conversion cookie, personal information, for example the web pages visited by you, is stored. Every time you visit our website, personal data, including the IP address of the internet connection you are using, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may share this personal data collected through the technical process with third parties.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting in the internet browser used would also prevent Google from setting a conversion cookie on your IT system. In addition, a cookie already set by Google Ads can be deleted at any time via the internet browser or other software programmes. Furthermore, you have the option to object to interest-based advertising by Google. To do this, you must access the link www.google.de/settings/ads from the Internet browser you are using and make the desired settings there. We would like to point out that these measures may mean that not all the functions of our website are available.

These processing operations are only carried out when explicit consent is given in accordance with Art. 6(1)(a) GDPR. You can view the data protection provisions and further information on Google AdSense at: https://www.google.de/intl/de/policies/privacy/.

11. Plugins and other services

11.1 Google Tag Manager

We use the Google Tag Manager service on this website. The operating company for Google Tag Manager is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

With this tool, "website tags" (i.e. keywords that are integrated into HTML elements) can be implemented and managed via an interface. By using the Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked on and can then record which contents of our website are of particular interest to you.

The tool also triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have deactivated this at the domain or cookie level, it will remain in place for all tracking tags implemented with Google Tag Manager.

These processing operations are only carried out if express consent has been given in accordance with Art. 6(1)(a) GDPR.

Further information on Google Tag Manager and Google's privacy policy can be found at: https://www.google.com/intl/de/policies/privacy/.

11.2 Google Fonts integration

Our website uses so-called web fonts for uniform display of fonts. The Google WebFonts are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is part of the Google group of companies headquartered at 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

When you access a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using establishes a connection with Google's servers. This enables Google to know that our website has been accessed via your IP address. Google Web Fonts are used in the interest of achieving a uniform and appealing presentation of our website.

These processing operations are only carried out if express consent has been given in accordance with Art. 6(1)(a) GDPR.

Further information on Google WebFonts and Google's privacy policy can be found at: https://developers.google.com/fonts/faq ; https://www.google.com/policies/privacy/.

Your rights as a data subject

As a data subject, you have the following specific rights:

Right of access (Art. 15 GDPR)

As a data subject, you have a right to information under the conditions of Art. 15 GDPR. This means, in particular, that you have the right to ask us to confirm whether we are processing personal data relating to you. If this is the case, you also have a right of access to this personal data and to the information listed in Art. 15(1) GDPR.

Right of rectification (Art. 16 GDPR)

As a data subject, you have a right to rectification under the conditions of Art.16 GDPR. This means, in particular, that you have the right to ask us to correct any inaccurate personal data relating to you and to complete any incomplete personal data without delay.

Right to erasure, right to be forgotten (Art. 17 GDPR)

As a data subject, you have a right to deletion under the conditions of Art. 17 GDPR. This means that you generally have the right to demand that we delete personal data relating to you without delay, and that we are obliged to delete personal data without delay if one of the reasons listed in Art. 17(1) GDPR applies. In cases where we have made personal data public and we are obliged to erase it, we are also obliged to take reasonable steps, including technical measures, taking the available technology and the cost of implementation into account, to inform other data controllers processing the personal data that a data subject has requested that they erase all links to, or copies or replications of, that personal data (Article 17(2) GDPR). The right to erasure does not apply exceptionally if the processing is necessary for the reasons listed in Art. 17(3) GDPR. This may be the case, for example, if the processing is necessary for fulfilling a legal obligation or for the assertion, exercise or defence of legal claims (Art. 17(3)(a) and (e) GDPR).

Right to restriction of processing (Art. 18 GDPR)

As a data subject, you have the right to restrict processing under the conditions of Art. 18 GDPR. This may be the case, for example, if you dispute the accuracy of the personal data. In this case, the restriction of processing is carried out for a period of time that allows us to verify the accuracy of the personal data (Art. 18(1)(a) GDPR). Restriction means stored personal data being marked with the aim of limiting their future processing (Art. 4(3) GDPR).

Right to data portability (Art. 20 GDPR)

As a data subject, you have a right to data portability under the conditions of Art. 20 GDPR. This means that you generally have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out with the aid of automated procedures (Art. 20(1) GDPR). When exercising your right to data portability, you also have the right in principle to have the personal data transferred directly from us to another controller, insofar as this is technically feasible (Art. 20(2) GDPR).

Right to object (Art. 21 GDPR)

As a data subject, you have the right to object under the conditions of Art. 21 GDPR. We will expressly draw your attention to your right to object as a data subject at the latest at the time of our first communication with you.

Specifically:

Right to object on grounds arising from the particular situation of the data subject
As a data subject, you have the right to object at any time on grounds arising from your particular situation to the processing of personal data relating to you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

In the event of an objection on grounds relating to your particular situation, we shall no longer process the personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to object to direct marketing

If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. In the event of an objection to processing for direct marketing purposes, we shall no longer process the personal data concerned for these purposes.

Right to withdraw consent (Art. 7(3) GDPR)

If the processing is based on consent within the meaning of Art. 6(1)(a) or Art. 9(2)(a) GDPR, you, as the data subject, have the right to revoke your consent at any time in accordance with Art. 7(3) GDPR. The revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent up until revocation. We will inform you of this before you give your consent.

Right to complain to the supervisory authority (Art. 77 GDPR)

As a data subject, you have the right to lodge a complaint with a supervisory authority under the conditions of Art. 77 GDPR. Our Data Protection Officer is also available at any time to clarify any questions you may have about data processing with you or to help you further with your data protection concerns. A compilation of the contact details of the data protection commissioners in the German federal states and the supervisory authorities for the non-public sector as well as in other states can be found on the pages of the Federal Commissioner for Data Protection and Freedom of Information (BfDI) under “Addresses and Links”.

You can reach the supervisory authority responsible for us (LfDI) at:

www.baden-wuerttemberg.datenschutz.de
Königstraße 10a
70173 Stuttgart, Germany

Phone: +49 711 6155410
Fax: +49 711 61554115

Routine storage, deletion and blocking of personal data

We process and store your personal data only for the period of time necessary to achieve the purpose of storage or if this has been provided for by the legal provisions to which our city is subject as a public corporation. If the purpose of storage no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

Duration of the storage of personal data

The criterion for the duration of personal data being stored is the respective statutory retention period. After expiry of the deadline, the corresponding data is routinely deleted if it is no longer required for fulfilling or initiating the contract.

Further questions about data protection and your rights

If you have any further questions, comments or other requests regarding your personal data that are not answered here, please feel free to contact us or our Data Protection Officer using the contact options provided.