Data Protection

Download as PDF

DATA PRIVACY INFORMATION
Welcome to the website of Wback GmbH. In the following data protection information, you will be informed what happens to your data, the so-called personal data, and above all why this happens. We also inform you how we protect your data, when the data is deleted and what rights you have due to data protection.
First of all, we comply with data protection laws and the European General Data Protection Regulation and protecting your privacy as much as possible.
But we want to be completely open: The Internet thrives on data exchange and still has many security gaps. Even if your data is encrypted when you visit our website, there is always a residual risk when exchanging data with external websites. If you visit other websites - for example via a link on our website - please note that this data protection information does not apply to these external websites. We would also like to point out that e-mails are an unencrypted and therefore fundamentally insecure communication medium. Should you wish to exchange personal data with us, please agree the transmission method with us in advance.
However, we believe that education and knowledge about data protection help to better assess possible dangers and risks. For this reason, we have prepared this data protection information and compiled all relevant information. The compilation has been made to the best of our knowledge and in accordance with the requirements of Article 13 GDPR. Because it is important to us that your trust is appreciated here.

Business purpose and processing of personal data
We process personal data (in the following: data) of our customers, suppliers, employees and business partners exclusively to manufacture our products, to deliver them to you in highest quality and with highest reliability. The processing is carried out both in automated and non-automated form.
The following data is involved: Name and address/address as well as e-mail address, bank account details and telephone numbers (fixed and mobile). In addition, within the scope of our services, especially in personnel-relevant and logistical processes, data of the special category is also processed. This always under the aspect of necessity, legality and purpose appropriate, in accordance with Article 5 GDPR.
By "processing of data" we mean, for example, the following operations: The collection, recording, organization, storage, use, transmission, dissemination and deletion of data (Article 4 No. 2 of the Basic Data Protection Regulation - GDPR).
We process data which are necessary for the justification and fulfilment of the contractual services and point out the necessity of their disclosure. Disclosure to external parties is only made if it is really necessary within the scope of an order. When processing the data provided to us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements of an order processing in accordance with Art. 28 GDPR and do not process the data for any other purpose than the purpose specified in the order.

Who can you contact?
Section 38 BDSG last version applies in the company. The responsible authority within the meaning of the data protection laws, in particular the EU General Data Protection Regulation (GDPR), is

Wback GmbH
Edisonstra�e 10
D-59199 B�nen
Telefon: +49 (0) 23 83 / 91 28 - 100
Telefax: +49 (0) 23 83 / 91 28 - 400
E-Mail: info@wback.de

Responsible for data processing:
Managing Director: Dr. Uwe Bretschneider
We have appointed a data protection officer for our company:
Data protection officer: on behalf of DEKRA Assurance Services GmbH
Daniela Rennings | Rennings Umsetzungsberatung Neuss
Im Jagdfeld 42 | 41464 Neuss
Tel: 02131-7429472
mailto:daniela.rennings@dekra.com
She is available as your direct contact person in all data protection matters concerning our company.

What are your rights?
You can contact us at any time if you have any questions about your rights in data protection or if you wish to assert one of your subsequent rights:
- Right of withdrawal in accordance with Art. 7 sec. 3 GDPR (e.g. you can contact us if you wish to undo a previously granted consent in a newsletter)
- Right to information in accordance with Art. 15 GDPR (e.g. you can contact us if you would like to know what data we have provided about you)
- Correction according to Art. 16 GDPR (e.g. you can contact us if your e-mail address has changed and you want us to replace the old e-mail address)
- Deletion according to Art. 17 GDPR (e.g. you can contact us if you want us to delete certain data, we have stored about you)
- Restriction of processing in accordance with Art. 18 GDPR (e.g. you can contact us if you do not want us to delete your e-mail address, but only use it to send you absolutely necessary e-mails)
- Data portability according to art. 20 GDPR (e.g. you can contact us to receive your data stored with us in a compressed format, e.g. because you want to make the data available to another website)
- Opposition according to Art. 21 GDPR in the case of processing operations pursuant to Article 6 para. 1, lit. e. and f. (e.g. you can contact us if you do not agree with one of the advertising or analysis procedures stated here)
- Right to complain to the competent supervisory authority in accordance with Art. 77 Sec. 1 f GDPR (e.g. you can also contact the data protection supervisory authority directly in the event of complaints)

The competent and valid authority is:
Landesbeauftragte f�r Datenschutz und
Informationsfreiheit Nordrhein-Westfalen
Kavalleriestra�e 2-4
40213 D�sseldorf
Phone: 0211 38424-0
Fax: 0211 38424-10
E-Mail: poststelle@ldi.nrw.de

Categories of affected persons
Visitors and users of our online offer (in the following we also refer to the data subjects as "users"). Furthermore, customers, suppliers, service providers and business partners who work with us in a spirit of trust. As well as our employees.

Purpose of processing
- Provision of the online offer, its functions and contents
- Responding to contact requests and communicating with users
- Processing of business processes
- Safety and protective measures

In addition, personal data will only be processed within the scope of our business purpose, taking into account Article 6 GDPR and Article 9 GDPR paragraph 2 lit. h. This is always appropriate under the aspect of necessity, legality and purpose, in accordance with Article 5 GDPR.

Applicable legal basis for the processing
In accordance with Article 13 GDPR, we shall notify the users of our website and our customers of the legal bases of our data processing. For users within the scope of the General Data Protection Regulation (GDPR), i.e. the EU and the EEC, unless the legal basis is specified in the Data Protection Declaration, the following applies:

- the legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR;
- the legal basis for processing for the purpose of fulfilling our services and carrying out contractual measures and answering inquiries is Art. 6 para. 1 lit. b GDPR;
- the legal basis for processing for the purpose of fulfilling our legal obligations is Art. 6 para. 1 lit. c GDPR;
- In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.
- the legal basis for the processing necessary to perform a task carried out in the public interest or in the exercise of official authority delegated to the controller is Art. 6 para. 1 lit. e GDPR
- the legal basis for the processing necessary to safeguard our legitimate interest is Art. 6 para. 1 lit. f GDPR.
- the processing of data for purposes other than those for which they were collected is governed by the provisions of Art. 6 para. 4 GDPR
- the processing of special categories of data (in accordance with Art. 9 para. 1 GDPR) is governed by the provisions of Art. 9 para. 2 GDPR.

Deletion of data and storage duration
Unless otherwise stated, we delete your data as soon as they are no longer needed, e.g. the e-mail address after you have unsubscribed from our newsletter. Your data will also be blocked or deleted if a storage period prescribed by law expires, unless it is necessary to store the data for the purpose of concluding or fulfilling a contract. Certain data may have to be kept longer for legal reasons. Of course, you can request information about the stored data and their retention periods at any time. The necessity for the storage of the data will be reviewed by us at least every 3 years; in the case of legal storage obligations, the data will be deleted after their expiry (6 years in accordance with � 257 para. 1 HGB, 10 years in accordance with � 147 para. 1 AO).
Visit of our website
When you visit our website, SSL or TLS encryption is used to protect the transmission of incoming and outgoing requests. You can recognize an encrypted connection by the fact that the address line of the browser begins with "https://" and by the lock symbol in the browser line. If you just want to browse our website, no personal data is collected, except for the data your browser transmits to enable you to visit the website, in particular:

- Name of the web page accessed (e.g. the web page that was just accessed)
- Date and time of retrieval (e.g. 11:45 on 25.05.2018)
- transmitted data volume (e.g. 2427 bytes)
- Message about successful retrieval (e.g. information whether there was an error when the page was called)
- Browser type and version (e.g. the used browser Firefox 60.0.1)
- the user's operating system (e.g. MacOS 10.13.4)
- Referrer URL (the previously visited page)
- IP address and the requesting provider (e.g. 95.91.215.example or 2a02:8109:9440:1198:bdb1:551f:example)
- Status codes (e.g. status code 200: request successfully processed)

Most interesting for you as a visitor to our website is the IP address, as this is data that can theoretically be traced back to you as a person. As a protective measure in favour of your privacy, all data is therefore deleted from the website 7 days after your visit. The purpose of the temporary storage of the data at the beginning is to ensure the connection as well as accessibility and correct display of our website. The IP address and the technical data already mentioned are required to display the website, to avoid display problems for visitors and to correct error messages. Legal basis is my so-called legitimate interest according to art. 6 para. 1 lit. f. GDPR.

Collection, processing and transfer of personal data when commissioned
When you order our services, we collect and process personal data only to the extent necessary to fulfill and process your order and to process your inquiry. The provision of the data is necessary for the conclusion of the contract or for the completion of the order. Failure to provide the data means that no contract can be concluded. The processing is based on Art. 6 para. 1 lit. b GDPR and is necessary for the fulfilment of the contract with you. Your data will only be passed on in the event of a legal obligation and within the framework of contractually regulated processes. In all cases we strictly observe the legal requirements. The scope of data transfer is limited to a minimum.

Getting in contact with us
When contacting us (e.g. by e-mail, telephone, contact form or via social media), the user's details, including all resulting personal data (name, inquiry, e-mail address), will be used to process the contact request and to handle it in accordance with Art. 6 para. 1 lit. b. (within the scope of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. GDPR (other inquiries). User data may be stored in a system-supported environment ("CRM system") or comparable applications. We will delete the inquiries if they are no longer required. The necessity is reviewed every two years. Furthermore, the statutory archiving or retention obligations apply. Requests that are not relevant or do not need to be stored will be deleted. This also applies to unsolicited applications and advertising.

Security measures
We take appropriate technical and organizational measures (TOM) in accordance with legal requirements, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of the processing as well as the varying probability of occurrence and severity of the risk to the rights and freedoms of natural persons, in order to ensure a level of protection appropriate to the risk.
These measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access, input, disclosure, safeguarding of availability and segregation of data relating to them. In addition, procedures are in place to ensure that data subjects' rights are exercised, data is deleted, and data is reacted to threats to the data. Furthermore, we take the protection of personal data into account as early as the development and selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings. Here in particular our online offer and the information compiled here. The system and process conformity of GoBD is also taken into account and applied.

Cooperation with contract processors, jointly responsible parties and third parties
If, in the course of our processing, we disclose data to other persons and companies (contract processors, jointly responsible parties or third parties), transfer them to them or otherwise grant them access to the data, this will only be done on the basis of a legal authorization.
We make sure that cooperation with business partners and service providers is either regulated by a contract processing agreement or a declaration of commitment to confidentiality and adherence to data and business secrets.

Transfers to third countries
If data is processed in a third country (i.e. countries outside the European Union) or if this is done in the context of using the services of third parties (software, applications, etc.), this will only be done if it is necessary to fulfill our (pre-)contractual obligations or if we have your consent. Subject to legal or contractual permissions, we will only process or have processed the data in a third country if the legal requirements are met. This means that the processing is carried out, for example, on the basis of special guarantees or in compliance with officially recognized special contractual obligations.

Cookie banner and cookie hint
According to the current ruling of the EUGH, an active cookie banner is required if cookies (of any kind) are used. We have deliberately refrained from using cookies or other applications.

Note on the deactivation or deletion of cookies
Every user can set his web browser to generally prevent the storage of cookies on his terminal device or to ask him each time whether he agrees to the setting of cookies. Once cookies have been set, the user can delete them at any time. How this works is described in the help function of the respective web browser.
Please note: a general deactivation of cookies may lead to functional restrictions of web pages.

Right of objection for direct advertising
A general objection to the use of cookies used for online marketing purposes can be declared for many of the services, especially in the case of tracking, via the US site https://www.aboutads.info/choices/ or the EU site https://www.youronlinechoices.com/ . Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case, functions on websites may only be used to a limited extent.
You can configure, block and delete cookies in your browser settings. Helpful information and instructions for common browsers are provided by the Federal Office for Information Security: https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/EinrwirtungSoftware/EinrwirtungBrowser/Sicherheitsmassnahmen/Cookies/cookies_node.html

Hosting and e-mailing
The hosting services of our provider that we use serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, e-mail dispatch, security services as well as technical maintenance services that we use for the purpose of operating this online offer.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors of this online offer on the basis of our legitimate interest in an efficient and secure provision of this online offer in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of contract processing agreement).

Contact and request by e-mail, phone or fax
When contacting us (e.g. via e-mail link), the user's data will be used to process the contact request and its handling in accordance with Art. 6 Par. 1 lit. b. (within the scope of contractual/pre-contractual relations), Art. 6 para. 1 lit. f. (other inquiries) GDPR are processed. User data may be stored, for example, in a customer relationship management system ("CRM system") or generally system-based. Inquiries that are not relevant or do not need to be stored will be deleted
If you contact us by e-mail or telephone, your inquiry including all personal data (name, inquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.
The processing of this data is based on Art. 6 para. 1 lit. b GDPR, if your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on your consent (Art. 6 para. 1 lit. a GDPR) and/or on our legitimate interest (Art. 6 para. 1 lit. f GDPR), as we are very keen to ensure that the inquiries addressed to us are processed effectively.

Video Conferencing / Communication via Cisco Webex Meeting
In order to be able to communicate with our customers and business partners online as well, we use the "Cisco Webex" tool to conduct telephone conferences, online meetings, video conferences or training and instruction (hereinafter: "online meetings"). "Cisco Webex" is a service of Webex Communications Deutschland GmbH, registered office of the company, Hansaallee 249, c/o Cisco Systems GmbH, 40549 D�sseldorf. The corporate group Cisco Systems GmbH has its registered office at Parkring 20, 85748 Garching. Further information on data protection can be found at: https://www.cisco.com/c/de_de/about/legal/privacy-full.html

In order to participate in an "online meeting" or to enter a "meeting room", you can at least provide information about your name. This so that the moderator can grant you access. Anonymous participation in workshops is possible.

Personal data that is processed in connection with participation in "online meetings" is generally not passed on to third parties unless it is specifically intended for disclosure. Please note that content from "online meetings" as well as personal meetings are often used to communicate information with customers, interested parties or third parties and are therefore intended for disclosure.
Meeting metadata: Subject, description (optional), participant IP addresses, device/hardware information. For recordings: MP4 file of all video, audio and presentation recordings,
M4A file of all audio recordings, text file of online meeting chat.

Further recipients: The provider of "Cisco Webex" necessarily obtains knowledge of the above mentioned data, as far as this is provided for in the order processing contract with "Cisco Webex".
Data processing outside the European Union
"Cisco Webex" is a service provided by a provider from the USA. A processing of personal data is therefore also carried out in a third country. With the provider of "Cisco Webex" a contract for processing of orders has been concluded, which complies with the requirements of Art. 28 GDPR. An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contract clauses by the provider. Further information on data protection and the https://www.cisco.com/c/en/us/about/trust-center/gdpr.html

Privacy policy in the application process
We process applicant data only for the purpose and within the scope of the application procedure in accordance with the legal requirements. Candidate data is processed for the purpose of fulfilling our (pre-)contractual obligations within the scope of the application procedure in accordance with Art. 6 Par. 1 lit. b. GDPR and art. 6 para. 1 lit. f. GDPR if the data processing becomes necessary for us, e.g. in the context of legal procedures (in Germany, � 26 BDSG applies additionally).
The application procedure requires that applicants provide us with the applicant data. The necessary applicant data is derived from the job descriptions and basically includes personal details, postal and contact addresses and the documents belonging to the application, such as cover letter, CV and certificates. In addition, applicants can voluntarily provide us with additional information.

By submitting their application to us, applicants agree to the processing of their data for the purposes of the application procedure in accordance with the type and scope described in this data protection declaration.

Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are voluntarily communicated as part of the application procedure, their processing is additionally carried out in accordance with Art. 9 Para. 2 letter b GDPR (e.g. health data, such as severely disabled status or ethnic origin). Insofar as special categories of personal data within the meaning of Art. 9 Para. 1 GDPR are requested from applicants in the course of the application procedure, their processing is also carried out in accordance with Art. 9 Para. 2 letter a GDPR (e.g. health data if this is necessary for the exercise of the profession).

Applicants can send us their applications by e-mail. Please note, however, that e-mails are generally not sent in encrypted form and that the applicants themselves must ensure that they are encrypted. We can therefore not take any responsibility for the transmission path of the application between the sender and the receipt on our server and therefore recommend to use postal delivery. In this context, we kindly ask you to send us only attachments in PDF format and to observe a maximum file size of up to 5 MB.

The data provided by applicants may be processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is not successful, the applicants' data will be deleted. The applicants' data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.

Subject to a justified revocation by the applicants, the data will be deleted after a period of six months so that we can answer any follow-up questions regarding the application and meet our obligations to provide evidence under the Equal Treatment Act. Invoices for any travel expense reimbursement will be archived in accordance with tax law requirements.

Privacy Policy for Video and Camera Surveillance
Wback Ltd.
Edison Street 10
D-59199 B�nen
Phone: +49 (0) 23 83 / 91 28 - 100
Fax: +49 (0) 23 83 / 91 28 - 400
E-Mail: info@wback.de

Responsible for data processing:
Managing Director: Dr. Uwe Bretschneider

Contact details of the Data Protection Officer:
on behalf of DEKRA Assurance Services GmbH
Daniela Rennings | Rennings implementation advice
In the hunting field 42 | 41464 Neuss
Tel: 02131-7429472
mailto:daniela.rennings@dekra.com

Video and camera surveillance is used to protect property, control access to entrances and exits, and protect the rights to the house. This is done on the basis of Art. 6 para. 1 lit. f GDPR. The video recordings are stored on the video server for 14 days in the event of criminal acts or accidents. Afterwards they will be irrevocably deleted.

The data will only be forwarded to third parties if we are legally obliged to do so. The data will not be transferred to third countries.

- You have the right to obtain confirmation from the data controller as to whether personal data concerning you is being processed; if this is the case, you have the right to be informed of this personal data and to receive the information specified in Article 15 GDPR in detail.
- You have the right to request from the controller without delay the correction of any inaccurate personal data concerning you and, if applicable, the completion of incomplete personal data (Art. 16 GDPR).
- You have the right to require the controller to delete personal data concerning you without delay, provided that one of the reasons listed in Article 17 GDPR applies, e.g. if the data is no longer needed for the purposes pursued (right of deletion).
- You have the right to require the controller to restrict the processing if one of the conditions listed in Article 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the examination by the controller.
- You have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims (Art. 21 GDPR).
- You also have the right, without prejudice to any other administrative or judicial remedy, to lodge a complaint with a supervisory authority if you consider that the processing of personal data concerning you is in breach of the GDPR (Art. 77 GDPR). You may exercise this right before a supervisory authority in the member state of your residence, place of work or place of the alleged infringement. In North Rhine-Westphalia, the competent authority is:

Landesbeauftragte f�r Datenschutz und Informationsfreiheit Nordrhein-Westfalen
State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestra�e 2-4
40213 Dusseldorf
Phone: 0211 38424-0
Fax: 0211 38424-10
E-Mail: poststelle@ldi.nrw.de


Contradiction advertising e-mails
We hereby object to the use of our contact data, published within the framework of the imprint obligation, for sending advertising and information material not expressly requested. As the operator of the website, we reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as through spam e-mails.

Notice about changes and updates to the privacy information
This data protection information is made available to you on- and offline. It is important to us that you can get a transparent overview of our work and our handling of your data, especially according to your personal data.

It is a matter of course for us that we only process data that is necessary for the justification, preparation and fulfillment of our (pre)contractual services and point out the necessity.
In this context, Article 6 paragraph 2 b., c. and f. shall apply. Article 9 paragraph 2 applies to the processing of data in special categories and Article 88 GDPR applies to data processing in an employee context. Disclosure to external parties shall only be made if it is really necessary in the context of an assignment. When processing data provided by us within the scope of an order, we act in accordance with the instructions of the client and the legal requirements of an order processing in accordance with Art. 28 GDPR and do not process the data for any other purpose than the one specified in the order. In the case of cooperation with other responsible parties, the data protection requirements will be taken into account in mutuality by means of Article 26 GDPR.

Please inform yourself regularly about the content of this data protection information. This is because it will be updated as soon as changes in the data processing carried out by us make this necessary or legal requirements demand it.

Status 11/2020
Imprint Contact
General Terms and Conditions Data protection