Person responsible (“Us”, “We” and “Our”, etc.):
Name/Company: werkside GmbH
Street No.: Klopstockstrasse 6
Zip code, City, Country: 22765 Hamburg
Commercial register no.: Amtsgericht Hamburg, HRB 164672
Managing Director: Simone Becher, Helmut Henkensiefken, Klaus Kluge, Sven Kröger
Phone number: 089-4523509299
E-mail address: firstname.lastname@example.org
The responsible body for data processing on this website is:
The responsible body is the natural or legal person who, alone or together with others, decides on the purposes and means of processing personal data (e.g. names, email addresses, etc.).
We process the following data:
– User’s name and address.
– User’s e-mail address and telephone number(s).
– User’s entered texts, photographs, videos.
– The content of the contract concluded with you.
– User’s bank details, User’s payment(s).
– User’s use of Our website, interest in content, access times.
– Device information, IP addresses, and other communication data.
No special categories of Data within the meaning of § 9 para. 1 GDPR are processed.
We process Data of the following individuals:
– Customers, interested parties, visitors and users of the Online Offers, recipients of Our newsletter and business partners.
Collectively, We refer to this group of individuals as “Users”.
Purpose of the processing:
– Provision of the Online Offer;
– Provision of contractual services, service and customer care.
– Answering contact requests and communication with users.
– Marketing, advertising and market research.
– Security measures.
- Referenced Terms as per GDPR
1.1 “Personal Information” means any information relating to an identified or identifiable natural person (a “Data Subject”). An identifiable person is one that can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.2 “Processing” means any operation or set of operations which is performed upon Personal Information, whether or not by automatic means. The term has a broad meaning and covers practically all data handling.
1.3 “Controller” means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the Processing of personal data.
2. Legal Basis for Processing
The legal basis for:
obtaining consent is Art. 6(1)a and Art. 7 GDPR;
Processing to render Our services, implement contractual measures and answer inquiries is Art. 6(1)b GDPR;
Processing to fulfil Our legal obligations is Art. 6(1)c GDPR; and
Processing to safeguard Our legitimate interests is Art. 6(1)f GDPR.
In the event that vital interests of the Data Subject or another natural person require the Processing of personal data, Art. 6(1)d GDPR serves as the legal basis.
- Security Measures
4.1 In accordance with Art. 32 GDPR and taking into consideration the current state of technology, the implementation costs and the nature, scope, circumstances and purposes of the processing, as well as the varying probability of occurrence and severity of any risk to the rights and freedoms of natural persons, We will implement adequate technical and organizational measures to ensure a level of protection appropriate to the risk. These measures include in particular the safeguarding of the confidentiality, integrity and availability of Data by controlling physical access to the Data as well as access to, input, forwarding, availability and separation of the Data. Furthermore, We have established procedures to ensure that the rights of Data Subjects are exercised, Data is deleted, and threats to Data are responded to. We further take the protection of Personal Data into account during any development or selection of hardware, software and procedures, in accordance with the “privacy-by-design” principle and by using data protection-friendly default settings (Art. 25 GDPR).
4.2 The security measures include in particular the encrypted transmission of Data between User’s browser and Our server.
- Disclosure and Transmission of Data
5.1 In the course of Processing, We may disclose Data to other persons and companies (sub-processors or third parties), transfer Data to them or otherwise make Data accessible to them. We will do so only a) where We are legally authorized to do so (e.g. if a transfer of Data to third parties, such as payment service providers, in accordance with Art. 6(1)b GDPR is necessary for the performance of the contract); b) Users have consented; c) there is a legal obligation on Us to provide Data; or d) on the basis of Our legitimate interest (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow Us to or aid Us with the fulfilment of Our contractual obligations, administrative tasks and duties).
5.2 If We commission third parties to Process Data on the basis of a so-called “sub-processing agreement”, We will do so on the basis of Art. 28 GDPR.
- Transfers to Third Countries
If We Process Data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or if this occurs in the context of using the services of a third party or of disclosing or transferring Data to third parties, this will only take place if it is done to fulfil Our (pre-)contractual obligations, on the basis of User’s consent, on the basis of a legal obligation or on the basis of Our legitimate interests. Subject to legal or contractual permissions, We will only process or transfer Data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that the Processing is carried out, for example, on the basis of special guarantees, such as the officially recognized determination of a level of data protection corresponding to that of the EU or compliance with officially recognized special contractual obligations (so-called “Standard Contractual Clauses”).
- Rights of the Data Subjects
7.1 In accordance with Art. 15 GDPR, Users have the right to obtain confirmation as to whether or not Data is being Processed by Us and to receive information about Data and to request further information and a copy of the Data.
7.2 In accordance with Art. 16 GDPR, Users have the right to request the completion of Data concerning them or the correction of incorrect Data concerning them.
7.3 In accordance with Art. 17 GDPR, Users have the right to request Data concerning them be deleted immediately, or alternatively, in accordance with Art. 18 GDPR, to request that the Processing of Data be restricted.
7.4 In accordance with Art. 20 GDPR, Users have the right to obtain a copy of the Data concerning them that they have provided to Us, and to request that it be communicated to other Controllers.
7.5 Users also have the right to lodge a complaint with the competent supervisory authority in accordance with Art. 77 GDPR.
- Right of Withdrawal
In accordance with Art. 7(3) GDPR, Users have the right to revoke any consent granted with effect for the future.
- Right to Object
In accordance with Art. 21 GDPR, Users may object to the future Processing of Data concerning them at any time. The objection may in particular be made against Processing for the purposes of direct advertisements.
- Cookies and Right of Objection for Direct Advertising
10.1 “Cookies” are small files that are stored on the User’s computer. Different information can be stored within the cookies. A cookie is primarily used to store information about a User (or the device on which the cookie is stored) during and after User’s visit to an Online Offer. Temporary cookies, also called “session cookies” or “transient cookies”, are cookies that are deleted after User leaves an Online Offer and closes his browser. In such a cookie, for example, the contents of a shopping cart in an online store or a login status can be stored. Cookies are described as “permanent” or “persistent” if they remain stored even after the browser is closed. For example, the login status can be saved so that it is retained if User returns after several days. Likewise, the interests of Users can be stored in such a cookie, which is used for range measurement or marketing purposes. Cookies from providers other than the person responsible for operating the Online Offers are referred to as “third-party cookies” (otherwise, if they are only that person’s own cookies, they are referred to as “first-party cookies”).
- Deletion of Data
11.2 In accordance with legal requirements, Data is stored for six (6) years in accordance with § 257 para. 1 HGB (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147 para. 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).
- Order Processing in the Online Store and Customer Account
12.1 We process Data of Our customers in the context of the order procedures in Our Online Offers, to enable Users to select and order the selected products and services, as well as their payment and delivery, or rendering of the services.
12.2 Data includes inventory data, communication data, contract data, payment data and concerns Our Users. The Processing is carried out for the purpose of providing contractual services within the operation of the Online Offering, billing, delivery and customer services. We use session cookies to store the contents of the shopping cart and permanent cookies to store the login status.
12.3 The Processing is based on Art. 6(1)b (execution of order processes) and c (legally required archiving) GDPR. The information marked as “required” is required to establish and fulfil the contract. We disclose the Data to third parties only within the scope of delivery, payment or within the legally permitted scope and obligations to legal advisors and authorities. Data will only be Processed in third countries if this is necessary for the fulfilment of the contract (e.g. upon customer request for delivery or payment).
12.4 Users can optionally create a user account, in which they can in particular view their orders. During the registration process, the mandatory Data fields will be identified to Users. The user accounts are not public and cannot be indexed by search engines. If Users have terminated their user account, their Data will be deleted with regard to the user account, subject, however, to other retention requirements arising from commercial or tax law in accordance with Art. 6(1)c GDPR. Data in the customer account will remain in the customer account until its deletion and subsequent archiving to fulfil the mentioned commercial and legal obligations. It is the responsibility of Users to save their Data in case of termination before the end of the contract.
12.5 Within the scope of registration and repeated logins and use of Our Online Offerings, We store the IP addresses and the times of the respective User actions. Processing of this Data is based on Our legitimate interests, as well as the User’s need for protection against misuse and other unauthorized use. This Data will not be passed on to third parties, unless a) strictly required to ensure the Online Offers can be accessed by Users; b) it is necessary to pursue claims; or c) there is a legal obligation to do so in accordance with Art. 6(1)c GDPR.
12.6 Deletion of Data mentioned in this Section takes place after the expiry of legal and statutory warranty periods and comparable obligations, however, in no case later than two years after the last use of a user account by its User. The necessity of storing Data is reviewed every three years; in the case of legal archiving obligations, deletion takes place after their expiry (end of commercial (6 years) and tax (10 years) storage obligation); information in the customer account remains until its deletion.
- Business Management Analyses and Market Research
13.1 In order to run Our business economically, to recognize market trends and to recognize the needs of Our customers and Users, We analyze Data available to Us on business transactions, contracts, inquiries, etc. We Process inventory data, communication data, contract data, payment data, usage data and metadata on the basis of Art. 6(1)f GDPR, whereby the Data Subjects include the Users. The analyses are carried out for the purpose of business management evaluations, marketing and market research. Users expressly authorize Us to use user profiles of registered users, including the information they contain, e.g. purchase transactions.
13.2 If these analyses or profiles contain Personal Information, they will be deleted or anonymized upon termination by User, otherwise no later than two years from the conclusion of the relevant agreement on which the collection of such Data is based. In all other respects, the macroeconomic analyses and general trend determinations are prepared anonymously wherever possible.
- Contact and Customer Service
14.1 When contacting Us (via contact form or e-mail), the User Data will be processed for the purpose of handling and processing the request in accordance with Art. 6(1)b GDPR.
14.2 The information provided by User may be stored in Our customer relationship management system (“CRM system”) or comparable inquiry handling mechanism.
14.3 We will delete the inquiries if they are no longer required. We review the necessity to retain Data every two years; we permanently store requests from Users who have a user account and apply the data retention mechanism applicable to user accounts. Statutory archiving obligations apply.
- Collection of Access Data and Log Files
15.1 On the basis of Our legitimate interests as per Art. 6(1)f GDPR, we Process Data about every access to the server on which this service is located (so-called server log files). The access data includes the name of the accessed website, file, date and time of access, transferred data volume, notification of successful access, browser type and version, the User’s operating system, referrer URL (the previously visited site), IP address and the requesting provider.
15.2 For security reasons (e.g. to clarify misuse or fraudulent actions), log file information is stored for a maximum of seven (7) days and then deleted. Data requiring longer storage for evidence purposes is excluded from deletion until a respective incident has been resolved.
- Online Presence in Social Media
16.1 On the basis of Our legitimate interests within the meaning of Art. 6(1)f GDPR, We maintain online presences on social networks and platforms in order to be able to communicate with Users and to inform them about Our services. Usage of the respective social networks and platforms is subject to their respective terms and conditions and privacy policies.
Please note the requirements for the use of Google Analytics: 1.) IP anonymization must be active (https://support.google.com/analytics/answer/2905384?hl=de); and 2.) the “Addendum to data processing” in the administration area of Google Analytics must be accepted (or a current contract, if Google notifies User of this; see for the current status: http://drschwenke.de/google-analytics).
16.3 We use Google Analytics to display advertisements from the advertising services of Google and its partners only to those Users that have also shown an interest in Our Online Offers, or that exhibit certain characteristics (e.g. interests in certain topics or products determined on the basis of the websites visited) which We first transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences, We also want to ensure that Our ads are relevant to the interests of Users and do not become annoying.
- Google Analytics
17.2 Google is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
17.3 Google will use this information on Our behalf to evaluate the use of Our Online Offers by Users, to compile reports on the activities on Our Online Offers and to provide Us with further services associated with the use of Our Online Offers and the use of the Internet. The Processed Data can be used to create pseudonymous user profiles of Users.
17.4 We use Google Analytics only with activated IP anonymization. This means that the IP address of Users is shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.
17.5 The IP address transmitted by the User’s browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser software accordingly; Users can also prevent the collection of Data generated by the cookie and related to their use of the Online Offer to Google and the Processing of this Data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
17.6 Users can find further information on data use by Google, setting and objection options on the websites of Google: https://www.google.com/intl/de/policies/privacy/partners (“Data use by Google when Users use the websites or apps of Our partners”), https://policies.google.com/technologies/ads (“Data use for advertising purposes”), https://adssettings.google.com/authenticated (“Manage information that Google uses to show Users advertising”).
18.1 On the basis of Our legitimate interests (i.e. interest in the analysis, optimization and economic operation of Our Online Offer within the meaning of Art. 6(1)f GDPR), We use the Marketing and Remarketing Services (in short “Google Marketing Services”) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).
18.2 Google is certified under the Privacy Shield Agreement and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
18.3 Google Marketing Services allow Us to display ads for and on Our website in a targeted manner, so that We only show ads to Users that potentially match their interests. For example, if a User is shown ads for products that he or she has been interested in on other websites, this is called “remarketing”. For these purposes, when Users access Our and other websites on which Google Marketing Services are active, a code is executed directly by Google and so-called (re)marketing tags (invisible graphics or code, also known as “web beacons”) are embedded in the website. Using this, an individual cookie, i.e. a small file, is stored on the User’s device (instead of cookies, comparable technologies can also be used). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which websites the User has visited, what content the User is interested in, which offers the User has clicked on, as well as technical information about the browser and operating system, referring websites, visiting time and other information about the use of the Online Offer. The IP address of the User is also recorded. Within the framework of Google Analytics, IP addresses are shortened at a location within the member states of the European Union or in other signatory states to the Agreement on the European Economic Area. In exceptional cases, IP addresses may be transferred in full to a Google server in the USA and shortened there. The IP address is not merged with user data within other Google offers. Google may also combine the above-mentioned information with information from other sources. If the User subsequently visits other websites, the ads tailored to the User’s interests are displayed.
18.4 User data is processed pseudonymously as part of Google Marketing Services. This means that, for example, Google does not store and process the name or e-mail address of the User, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. This means that regarding Google, the ads are not managed and displayed for an identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a User has expressly permitted Google to process the data without this pseudonymization. The information collected by Google Marketing Services about users is transmitted to Google and stored on Google’s servers in the USA.
18.5 Google Marketing Services used by Us include the online advertising program “Google Ads”. In the case of Google Ads, each Google Ads customer receives a different “conversion cookie”. Cookies can therefore not be tracked through the websites of Google Ads customers. The information collected through the cookie is used to compile conversion statistics for Google Ads customers who have opted in to conversion tracking. Google Ads advertisers can learn about the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that personally identifies users.
18.8 We may also use the “Google Optimizer” service, allowing Us in the context of so-called “A/B tests” to understand how various changes affect a website (e.g. changes in input fields, design, etc.). For these test purposes, cookies are stored on the Users’ devices. Only pseudonymous User data is processed.
18.9 We may also use the “Google Tag Manager” to integrate and manage Google’s analysis and marketing services into Our website.
18.11 If Users wish to opt out of receiving interest-based advertising through Google marketing services, Users can use the setting and opt-out options provided by Google: https://adssettings.google.com/authenticated.
- Jetpack (WordPress Stats)
19.1 On the basis of Our legitimate interests (i.e. interest in the analysis, optimization and economic operation of Our Online Offer within the meaning of Art. 6(1)f GDPR), We use the Jetpack plugin (“WordPress Stats”), which integrates a tool for the statistical evaluation of visitor accesses and is provided by Automattic, Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. Jetpack uses “cookies”, which are text files placed on User’s computer, to help the website analyze how Users use Online Offers.
19.2 Automattic is certified under the EU Privacy Shield and thereby offers a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active).
20.1 On the basis of Our legitimate interests (i.e. interest in the analysis, optimization and economic operation of Our Online Offer within the meaning of Article 6(1)f GDPR), We use the “etracker” analysis service of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg.
20.2 User profiles can be created from the data processed by etracker under a pseudonym. Cookies may be used for this purpose. The cookies make it possible to recognize User’s browser. The data collected using etracker technologies will not be used to personally identify Users on Our website without separate express consent by the User and will not be merged with Personal Data about the bearer of the pseudonym. Furthermore, Data is only processed for Us, i.e. it is not merged with Personal Data collected from other online offers.
20.3 Users can object to Processing of data at any time with effect for the future. In order to object to the future collection and storage of their Data, Users can obtain an opt-out cookie from etracker by clicking on the following link. This will ensure that no visitor data from User’s browser will be collected and stored by etracker in the future: http://www.etracker.de/privacy?et=Account-ID [Please enter User account ID here].
- Communication via Post, E-mail, Fax or Telephone
21.1 For business and marketing purposes, We use remote means of communication, such as mail, telephone or e-mail. We process inventory data, address and contact data as well as contract data of Users.
21.2 The Processing is based on Article 6(1)a, Article 7 GDPR, Article 6(1)f GDPR in connection with legal requirements for advertising communications. Contact will only be established with prior consent of the User or within the scope of legally permitted reasons. Processed Data will be deleted as soon as it is no longer required, or upon objection/revocation or omission of the basis for authorization or legal archiving obligations.
22.1 With the following information We inform Users about the contents of Our newsletter as well as the registration, dispatch and statistical evaluation process.
22.1 The following contains information about the contents of Our newsletter, the registration, delivery and statistical evaluation mechanisms and Users’ right to object to the same. By subscribing to Our newsletter, Users agree to receive it and to the described mechanisms.
22.2 We send newsletters, e-mails and other electronic notifications containing advertising information (the “Newsletter“) only with the consent of the recipients or where legally permitted. If, in the course of registering for the newsletter, its contents are specifically described, this is also the deemed scope of the User’s consent. In addition, Our Newsletters contain information about Our products, offers, promotions and Our company.
22.3 Registration for Our Newsletter employs a so-called “Double-Opt-In” procedure. This means that after registration Users will receive an e-mail asking them to confirm their registration. This confirmation is necessary to prevent unauthorised registration using e-mail addresses of others. Newsletter registrations are logged to serve as proof of individual registrations according to legal requirements. This includes storing the timestamp of the registration and confirmation, as well as the IP address. Changes to Users’ Data stored with the content delivery provider are also logged.
22.4 User’s e-mail address is sufficient to subscribe to the Newsletter. Optionally, We may ask User to enter User’s name to customize the greeting contained in the Newsletter.
22.5 The Newsletters contain a so-called “web beacon”, i.e. a pixel-sized file that is collected by Our server when the newsletter is opened, or by the server of Our content delivery provider, if used. Within the scope of this collection, technical information such as information regarding User’s web browser and User’s system, as well as User’s IP address and time of retrieval are also collected. This information is used to technically improve the services by evaluating technical data of the target groups and their reading behavior in relation to their download locations (which can be determined by means of the IP address) and the access times.
Statistical surveys also include information on whether Newsletters are opened by the Users, when they are opened and which links the Users click on. This information can technically be associated with individual Newsletter recipients. However, this is neither Our intention nor that of the mailing service provider, if used. Instead, the analyses assist Us in understanding the reading habits of Our Users and in adapting Our content to Our Users’ expectations, or in providing individualized content according to the interests of Our Users.
22.6 Delivery of the Newsletter and the success rate analyses are legitimized by the consent of the recipients according to Art. 6(1)a, Article 7 GDPR in connection with § 7 Para. 2 No. 3 UWG, or on the basis of the legal consent according to § 7 Para. 3 UWG.
22.7 Logging the registration mechanism is based on Our legitimate interest according to Art. 6(1)f GDPR and serves as evidence of consent to distribute the Newsletter.
22.8 Newsletter recipients can cancel their subscription at any time, i.e. revoke their consent. A link to cancel the newsletter can be found at the end of each newsletter. When cancelled, the User automatically revokes consent to take part in any content performance analysis. Revocation of consent to the content performance analysis is not possible and requires cancellation of the newsletter subscription as a whole. When User unsubscribes from the newsletter, all data will be deleted, unless storage of such Data is legally required or justified. In this case, Processing will be limited to these exceptional purposes. In particular, We may store the unsubscribed e-mail addresses for up to three (3) years on the basis of Our legitimate interests before We delete them for the scope of the newsletter distribution. This is so that We maintain sufficient proof that the User had previously given consent. Processing of this Data is limited to its purpose as a possible defence against any claims. An individual request for deletion is possible at any time, provided the User confirms in writing that consent was previously given.
- Integration of Third Party Services and Content
23.1 On the basis of Our legitimate interests (i.e. interest in the analysis, optimization and economic operation of Our Online Offer within the meaning of Art. 6(1)f GDPR), We integrate content and services of third parties, including videos and fonts (the “Content”). To enable these third-party providers to deliver their content to the User’s web browser, the User’s IP address must be made known to these providers. We make every effort to only use content from providers that use IP addresses only to deliver the content. Third-party providers may also use so-called “pixel tags” (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. The “pixel tags” can be used to evaluate information, such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the User’s device and may contain, among other things, technical browser and operating system information, referring web pages, visiting time, and other details on the use of Our Online Offer, as well as other information, enabling the above to be linked to other sources.
23.2 The following presents an overview of third-party providers and their contents, including links to their data protection policies, containing further information on the Processing of data and, in some cases already mentioned herein, how to object (so-called opt-out).