In this data privacy document we explain how and when we process your data, and for which purposes, on our website as well as on our social media profiles.
Werder Solutions AG
Phone: +41 62 837 10 00
Mobile: +41 79 211 58 24
Different types of processed data:
– Inventory data (e.g., names, addresses).
– Contact data (e.g., e-mail, phone number, more numbers).
– Content data (e.g., text input, photos).
– Usage data (e.g., visited websites).
– Meta-/communication data (e.g., device information or IP addresses).
Affected groups of persons
Visitors and customers of our offered services.
Purpose of data processing
– Providing our offer and our content
– Responding to requests and communication with visitors and customers
– Security measures
„Personal data“ is all information which can be used to identify a natural person. A natural person can be identified if it’s possible to connect them (directly or indirectly) to an identification number, location data or online ID (e.g. cookie).
„Processing“ means any performed action or series of actions in context with personal data. The term is very far reaching and includes almost any handling of data.
„Pseudonymization“ is the processing of personal data in such a way that, without additional data, it’s not possible to link the information to a natural person. This applies if the additional data is stored separately and technical and organizational measures are applied which guarantee that the data can’t be linked to a natural person.
„Profiling“ means any type of automated processing of personal data where personal data is used to assess specific personal aspects which can be linked to a natural person directly, especially regarding the determination and prediction of performance at work, economic situation, personal interests, reliability and location information.
„Responsible“ is the natural or legal person who decides alone or together with others about the purpose and means of personal data processing.
„Contract processors“ could be a natural or legal person, authority, institution or other position which processes personal data on behalf of the „responsible“.
Based on art. 13 GDPR we tell you the legal basis for our data processing. As long as the legal basis is not mentioned within the data protection statement the following applies: the legal basis for obtaining consent is art. 6 section 1 lit a and art. 7 GDPR. The legal basis for data processing to fulfill our services and implement contractual measures as well as to respond to requests is art. 6 section 1 lit b GDPR. The legal basis for data processing to fulfill our legal duties is art. 6 section 1 lit c GDPR and the legal basis for data processing to secure our own interests is art. 6 section 1 lit f GDPR.
According to art. 32 GDPR we take appropriate actions considering the current state of technology, the cost of implementation, the kind, scope and circumstances to guarantee a certain level of security.
Those measures include especially securing the confidentiality, integrity and availability of data by controlling physical access to this data. We further use methods which guarantee the exercise of the rights of affected persons, the deletion of data and a reaction to threats to data. We further take the protection of personal data into account when selecting hardware, software or new methods according to the principle of data protection through technology design (art. 25 GDPR).
Collaboration with contract processors (and third parties)
If we reveal, transfer or grant access to data to other persons or companies in the context of data processing, this is done only on the basis of a legal permission (e.g. if transferring data is necessary to fulfill our contract (e.g. payment provider) according to art. 6 section 1 lit. b GDPR), your consent, a legal obligation or our legitimate interest (e.g. using hosting providers, etc.).
If we commission third parties to process data on the basis of a so-called “processing contract”, this is done on the basis of art. 28 GDPR.
Data transfer to third countries
If we process data in a third country (i.e. a country outside of the European Union (EU) or the European Economic Area (EEA)), or do this by using third party services or by disclosing data to third parties, this only happens if it is to fulfill our (pre-)contractual obligations, based on your consent, based on a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only in the presence of the special conditions of art. 44 et seq. GDPR. This means that the processing is e.g. on the basis of specific guarantees, such as the officially recognized level of data protection (e.g. for the US through the Privacy Shield) or compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).
Rights of affected persons
You have the right of confirmation whether certain data are processed and the right of information about this data as well as further information and a copy of the data according to art. 15 GDPR.
According to art. 16 GDPR you also have the right to request the completion of personal data or the correction of incorrect data about you.
In accordance with art. 17 GDPR, you have the right to demand relevant data to be deleted immediately.
You have the right to demand that the data relating to you, which you have provided to us, be obtained in accordance with art. 20 GDPR and request their transmission to other persons responsible.
According to art. 77 GDPR you still have the right to file a complaint with the competent supervisory authority.
Right of withdrawal
You have the right to revoke your granted consent with effect for the future in accordance with art. 7 para. 3 GDPR.
Right of objection
You may object at any time to the future processing of your data in accordance with art. 21 GDPR. The objection may in particular be against processing for the purposes of direct advertising.
Cookies and right of objection (for direct advertisement)
“Cookies” are small files that are stored on users’ computers. Various information can be stored in cookies. A cookie is primarily used to store information about a user (or the device on which the cookie is stored) during or after their visit to a website. In the case of temporary cookies, “session cookies” or “transient cookies”, the data is deleted after a user leaves an online offer and closes their browser. In such a cookie, e.g. the contents of a shopping cart in an online shop or a login status are saved (but not beyond the session). “Permanent” or “persistent” cookies save the data even after the browser is closed. For example, the login status can be saved if users return to the site after several days. Likewise, the interests of the users, which are used for range measurement or marketing purposes, can be stored in such a cookie. Third party cookies are cookies offered by providers other than the person responsible.
If you do not want cookies to be stored on your computer, you will be asked to disable the corresponding option in the system settings of your browser. Saved cookies can be deleted at any time in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this online offer or to complete dysfunction.
Deletion of data
According to legal requirements in Germany, the storage takes place in particular for 10 years according to §§ 147 para. 1 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting documents, trading books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters).
According to legal regulations in Austria the storage takes place for 7 years according to § 132 paragraph 1 BAO (accounting documents, receipts / invoices, accounts, receipts, business papers, statement of income and expenses, etc.), for 22 years in connection with real estate and for 10 years in the case of documents relating to electronically supplied services, telecommunications, broadcasting and television services provided to non-entrepreneurs in EU Member States and for which the Mini-One-Stop-Shop (MOSS) is used.
Additionally we process
– Contract data (for example, subject matter, customer category)
– Payment data (for example, payment history)
from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.
Order processing in the online shop and customer account
In order to perform the chosen services, we process the data of our customers as part of the reservation processes in our online portal.
This data includes inventory data, communication data, contract data and payment data; the persons affected by the processing are our customers, prospects and other business partners. Processing is for the purpose of providing contractual services in the context of operating an online portal, billing, delivery and customer services. For this purpose, we use session cookies for the storage of the shopping cart content and permanent cookies for the storage of the login status.
Processing is based on Art. 6 para. 1 lit. b and c GDPR. The information marked as required for the establishment and fulfillment of the contract is required. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations to legal advisors and authorities. The data will only be processed in third countries if this is absolutely necessary for the fulfillment of the contract (for example on customer’s request upon delivery or payment).
Users can optionally create a user account, in particular to be able to view their orders. As part of the registration, the required mandatory information will be communicated to the users. If users have terminated their user account, their data will be deleted with regard to the user account, provided their retention is no longer necessary for commercial or tax law reasons in accordance with Art. 6 para. 1 lit. c GDPR. Information in the customer account remains until its deletion with subsequent archiving in case of a legal obligation.
When registering and logging in, as well as in general when using our services, we store the IP address and the time of the respective actions. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. In principle, these data are not transferred, unless it is necessary for the prosecution of our claims or there is a legal obligation according to Art. 6 para. 1 lit. c GDPR.
A deletion takes place only with expiration of legal warranty and comparable duties; the necessity of the storage of the data is checked every three years. In the case of legal archiving obligations, the deletion takes place after its expiry (end of commercial law (6 years) and tax law (10 years) retention obligation).
External payment service provider
As part of the fulfillment of contracts we use payment service providers on the basis of Art. 6 para. 1 lit. b GDPR. Apart from that we use payment service providers on the basis of our interests according to Art. 6 para. 1 lit. f GDPR, to offer our users an efficient and secure payment method.
Administration, Accounting, office organization, contact management
We process data as part of our administrative tasks, such as carrying out our operational business, accounting and complying with legal duties, e.g. filing. In doing so we process the same data that we process when providing our services. The basis for this is Art. 6 para. 1 lit. c GDPR and Art. 6 para. 1 lit. f GDPR. This mainly affects our customers, but also interested parties, business partners and visitors of our website.
In this context we disclose data to our financial administration, consultants (like tax consultants and auditors) as well as fee collectors and payment service providers.
Economical analysis and market research
To ensure that our business stays economical, and to see market tendencies and the wishes of our partners and users, we analyze the present data regarding orders, requests etc. In doing so we process inventory data, contract data, payment, user and meta data on the basis of Art. 6 para. 1 lit. f GDPR. Those affected may be contracting parties, interested parties, customers, visitors and users of our online offer.
These analyses are carried out for the purpose of economic evaluations, marketing and market research. For that we can also take into account profiles of registered users together with data regarding the claimed services. We use these analyses to increase usability and optimize our online offer and its economic value.
If these analyses or profiles are personally identifiable, they will be anonymized upon termination of your profile or otherwise after two years from the conclusion of contract. In general we always try to make anonymized analyses and forecasts of user preferences.
Users can open user accounts. As part of the registration they will be told the obligatory information needed to open an account, which is processed on the basis of Art. 6 para. 1 lit. b GDPR to allow us to provide an account. This includes above all the login information (name, password, email address). The data that is provided as part of the registration process is utilized for the use of customer accounts and their purposes.
Users are informed via mail about changes that are relevant for their account, e.g. technical amendments. If users have deleted their accounts, the collected data will also be deleted, naturally in compliance with legal retention periods. It is the responsibility of the user to store and save their data before they end their contract with us. We are entitled to permanently delete all data collected during the duration of the contract.
As part of using our registration and login functionality as well as using the user account itself, we store the IP address and time of each user action. This is done on the basis of our legitimate interest and also in the interest of users to protect them from abuse and unauthorized usage. A transfer of this data to third parties is generally only possible if it is necessary to pursue our claims or to meet legal requirements on the basis of Art. 6 para. 1 lit. c GDPR. IP addresses are anonymized or deleted after 7 days at the latest.
If customers or users leave comments, we can store their IP address on the basis of our legitimate interest for seven days according to Art. 6 para. 1 lit. f GDPR. This is done for our own safety in case someone leaves a comment containing illegal content (insults, forbidden political propaganda, etc.). In such cases we can be held responsible for the content of comments and therefore have a great interest in the identity of the author.
We store the data requested for comments and posts permanently until the user files an objection.
Our online offer uses the service „Akismet“ from Automattic Inc. (60 29th Street #343, San Francisco, CA 94110, USA) on the basis of our legitimate interest according to Art. 6 para. 1 lit. f GDPR. With the support of this service we can tell the difference between comments made by real persons and spam comments. For that, all information entered when posting a comment is sent to a server in the USA that analyzes the data and stores it for four days for comparative purposes. If a comment is regarded as spam, the data is stored for a longer period. The information includes the entered name, the email address used, the IP address, the content of the comment, the referrer and information about the browser, the computer system and the time of the entry.
It is allowed to use pseudonyms or to leave the fields for name and mail address blank. You can also prevent the transfer of data by not using the comment functionality. That would be a shame, but we don’t see any alternatives that would be equally effective.
If you make contact with us (e.g. via contact form, email, phone or social media) we will process your data according to Art. 6 para. 1 lit. b (as part of pre-contractual or contractual relations) and Art. 6 para. 1 lit. f (other requests) GDPR. This information can also be stored in a Customer-Relationship-Management System (“CRM System“) or similar organizations.
We delete inquiries if they are not required anymore. The necessity will be verified every other year. Furthermore, the legal filing obligations apply.
In the following we introduce the content of our newsletter as well as the registration, the distribution, the statistical evaluation process and your right of objection. By subscribing to our newsletter you agree to receiving our newsletter and also to the described processes.
Content of the newsletters: we send newsletters, emails and other electronic messages with commercial content („newsletter“ in the following), among others. However, we do so only with the consent of the recipient or a legal permission. If the contents of a newsletter are concretely described, they will be decisive for the consent of the users. Furthermore, our newsletters can contain information about our service and about us.
Double-Opt-in and documentation: registering for our newsletter is only possible with a so-called double-opt-in method. That means after the first registration you will receive an email where you need to confirm the registration. This confirmation is absolutely necessary to make sure no-one can register with an email address he or she doesn’t own. Every registration for our newsletter is documented, to enable us to prove our process is according to the legal requirements. This also includes the storage of the login and confirmation time, as well as the IP address. Likewise, changes to your data stored with the shipping service provider will be logged.
The dispatch of our newsletter and the related performance measurement are made on the basis of the consent of the recipients according to Art. 6 para. 1 lit. a, Art. 7 GDPR in conjunction with § 7 para. 2 no. 3 UWG or, if consent is not required, based on our legitimate interests in direct marketing according to Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG.
The logging of our registration process is based on our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR. We are interested in using a user-friendly and secure system that both serves our business interests and meets users’ expectations.
Termination / Revocation – You may terminate our newsletters at any time, i.e. revoke your consent to this. You can find a link to cancel the newsletter at the end of each newsletter.
However, we may save the submitted email addresses for up to three years on the basis of our legitimate interests before we delete them, in order to provide evidence of prior consent. The processing of these data is limited to the purpose of a possible defense against claims.
Individual requests for deletion are possible at any time, provided that at the same time the former existence of a consent can be confirmed.
The dispatch of our newsletter is run by means of the dispatch service provider „MailChimp“.
The shipping service provider may use the data of the newsletter recipients in a pseudonymized form, i.e. without assignment to a user, to optimize or improve their own services, e.g. for the technical optimization of the shipping and the appearance of the newsletter or for statistical purposes. However, the service provider does not use the data of our newsletter recipients to contact them or to pass on the data to third parties.