Data protection policy

1. Definitions

WERU’s data protection declaration is based on the terminology used by the European directive and regulation authority in the adoption of the GDRP. Our data protection declaration policy should be easy for anyone to read and understand. In order to ensure this, we would like to explain in advance the terms used.

In this data protection statement, we use the following terms, among others:

a. Personal data

Personal data is any information that relates to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered identifiable who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b. Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

c. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

d. Profiling

means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements

e. Pseudonymisation

Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

f. Responsible person or person responsible for processing

Responsible person or person responsible for processing is the person responsible or the person responsible for processing is the natural or juridical person, authority, institution or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. If the purposes and means of this processing are determined by the law of the European Union or Member States, then the data controller or the specific criteria for appointment of the data controller may be provided for under Union or Member State law.

g. Processor

Processor is a natural or juridical person, authority, agency or other body which processes personal data on behalf of WERU.

h. Recipient

A recipient is a natural or juridical person, authority, institution or other body, whether third body or not, to whom personal data is disclosed. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

i. Third parties

A third party is a natural or juridical person, authority, institution or other body except the data subject, WERU, the contract processor and the persons authorised under the direct responsibility of WERU or the data processor to process the personal data.

j. Consent

Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. Name and address of party responsible for processing (data controller)

The data controller in the sense given in the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions with a data protection character is:

WERU GmbH
Zumhofer Str. 25
D-73635 Rudersberg
Germany
Tel.: +49 7183 3030
E-mail: info@weru.de
Website: www.weru.com

3. Name and address of data protection officer

WERU's Data Protection Officer is:

Udo Bührle
WERU GmbH
Zumhofer Str. 25
D-73635 Rudersberg
Germany
Tel.: +49 7183 3030
E-mail:
Website: www.weru.com

All data subjects can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.

{{:}}

4. Cookies

WERU’s websites use cookies. Cookies are text files that are placed on your computer and saved by your browser.

Numerous websites and servers use cookies. Many cookies contain so-called cookie IDs. A cookie ID is a unique cookie identifier. It consists of a character string by means of which websites and servers can be assigned to the specific browser in which the cookie was saved. This allows the visited websites and servers to distinguish the individual browsers of the data subject from other browsers containing other cookies. A certain Internet browser can be recognised and identified via the unique cookie ID.

By using cookies, WERU can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

The information and offers on our website can be optimised in the sense of the user by means of a cookie. Cookies allow us to recognise repeat visitors to our website. The purpose of this recognition is to make it easier for users to use our website. The user of a website which uses cookies, for example, does not need to enter the same access data every time they visit the website or places items back in a basket of an online shop because this is taken over by the website and the cookie on the user’s computer system.

The use of cookies on our website can be blocked at any time using the appropriate setting of the internet browser being utilised, thereby blocking cookies permanently Cookies already set can also be deleted at any time via a browser or other software programs. This is possible in all popular browsers. If cookies are deactivated in the browser used, under certain circumstances the full functionality of our website may not be available.

5. Collection of general data and information

Every time the WERU website is called up it records certain general data and information. These general data and this information are temporarily saved in the server log files. The following may be collected: (1) the browser types and versions used, (2) the operating system used, (3) the website from which our website was accessed (so-called referrer), (4) the webpages accessed on our website, (5) the date and time of access, (6) an internet protocol address (IP address), (7) the accessing system’s Internet Service Provider and (8) other similar data and information serving to avert danger in case of attacks to our IT systems.

When using this general data and information, WERU does not draw any conclusions concerning the person affected. Rather, this information is required to (1) correctly deliver our website content, (2) optimise our website content and the ads, (3) ensure the continuous functionality of our IT systems and the technology used on our website and (4) provide the information required for criminal prosecution to law enforcement agencies in the event of a cyberattack. The data and information collected anonymously are analysed statistically by WERU as well as with the goal of increasing the data protection and data security in our company, ultimately to secure an optimal level of protection for the personal data processed by us. The anonymous data from the server log files are saved separately from all personal data provided by a data subject.

6. Contact via the website

The WERU website contains information required by law, including a general address for so-called electronic mail (email address), to enable rapid electronic contacting of our company as well as direct communication with us. If a data subject contacts WERU by email or via a contact form, the personal data communicated by the data subject are automatically saved. Such personal data communicated voluntarily are saved for the purpose of processing or of contacting the data subject. This personal data is not passed on to third parties.

It is also possible to contact the displayed and selected dealer directly via the dealer search. The personal data provided on a voluntary basis in this context is transferred directly to the selected dealer and stored by them for processing or contacting purposes, if necessary. The personal data provided in this context on a voluntary basis is stored by WERU for statistical evaluation purposes.

7. Routine erasure and blocking of personal data

WERU processes and saves personal data of the data subject only for the period of time required for the purpose of saving to be fulfilled or as provided for by the applicable laws.

If the purpose for saving is no longer applicable or if a legally prescribed retention period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.

8. Data subject rights

a. Right of access

Every data subject has the right to be informed by WERU about the collection and use of their personal data. If a data subject wishes to assert this right, he/she can contact our data protection officer or another of our employees at any time. < br> 

b. Right of access

Every person affected by the processing of personal data has the right to obtain information free of charge from WERU about the personal data stored about him/her and a copy of this information at any time. Furthermore, there is a right of access for the following information:

• the processing purposes
• the categories of personal data being processed
• the recipients or the categories of the recipients to whom the personal data was or will be disclosed, particularly for recipients in third countries or for international organisations
• if possible, the planned duration of retention of the personal data, or, if this is not possible, the criteria for determining this duration
• the existence of a right to rectification or erasure of the personal data or to restriction of processing by WERU or a right to object to this processing
• if the personal data is not collected for the data subject: All available information about the origin of the data
• the existence of automated decision-making including profiling pursuant to articles 22 para.1 and 4 of the GDPR and — at least in these cases — meaningful information about the logic involved as well as the scope and intended impact of such processing on the data subject

The data subject additionally has a right of access as to whether personal data has been transferred to a third country or to an international organisation. If this is the case, the data subject is otherwise entitled to access information about the appropriate guarantees in connection with the transfer. br>
If a data subject wishes to exercise this right of access, they can contact our data protection officer or another of our employees at any time.

c. Right to rectification

Everyone has the right to demand rectification of any inaccurate personal data rectified. A data subject also has the right to have incomplete personal data completed – this will depend on the purposes for the processing. This may involve providing a supplementary statement to the incomplete data.

If a data subject would like to assert this right, they can contact our data protection officer or another employee at any time.
 

d. Right to erasure (right to be forgotten)

Any data subject whose personal data is processed has the right to demand that WERU erase their relevant personal data immediately, if one of the reasons apply and processing is not required:

• The personal data is no longer necessary for the purpose for which it was originally collected or processed;
• the data subject has withdrawn their consent on which processing was based pursuant to art. 6 para. 1 a GDPR or art. 9 para. 2 a GDPR, and there is no other overriding legitimate reason for the processing.
• The data subject objects to the processing pursuant to art. 21 para. 1 GDPR, and there are no overriding legitimate reasons for processing, or the data subject objects to the processing pursuant to art. 21 para. 2 GDPR.
• The personal data has been processed unlawfully.
• Erasure of the personal data is for compliance with a legal obligation by WERU.
• The personal data was collected in relation to services offered by information society services pursuant to art. 8 para. 1 GDPR.

If one of the reasons listed above apply and a data subject would like to assert their right to erasure of personal data stored by WERU, they can contact our data protection officer or another employee at any times for this purpose. Our data protection officer or another employee will ensure that the erasure request is immediately complied with.

If the personal data was published by WERU and if WERU as the data controller is obligated to delete the personal data pursuant to art. 17(1) of the GDPR, then WERU will in consideration of the available technology and the implementation costs take measures, including those of a technical nature, to inform other data controllers processing the published personal data that the data subject has demanded of the other data controllers the erasure of all links to these personal data or copies or replications of this personal data provided that processing is not necessary. The data protection officer of WERU or another employee will arrange for the necessary procedures to be implemented in individual cases.< br> 

e. Right to restrict processing

Any data subject affected by the processing of personal data has the right to demand that WERU restrict processing if one of the following conditions is fulfilled:

• The accuracy of the personal data is contested by the data subject for a period that enables WERU to check the accuracy of the personal data.
• The data has been unlawfully processed, the data subject opposes erasure of the personal data and requests the restriction of the use of the personal data instead.
• WERU no longer requires the personal data for the purposes of processing, but the data subject needs it to establish, exercise or defend a legal claim.
The data subject has objected to processing their data under art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the responsible person at WERU outweigh those of the data subject.

If one of the conditions listed above is satisfied and the data subject wishes to demand the restriction of their personal data saved by WERU, they can contact our data protection officer or another employee for this purpose. The data protection officer at WERU or another employee will initiate restriction of processing.

f. Right to data portability

Every data subject has the right to receive their personal data provided to WERU by the data subject in a structured, standard and machine-readable format. The data subject also has the right to communicate this data to a different data controller without hindrance by WERU provided that the processing is based on consent pursuant to art. 6 para. 1 a or art. 9 para. 2 a of the GDPR or on a contract pursuant to art. 6 para. 1 b of the GDPR and the processing occurs with the help of automated processes provided that the processing is not necessary for the fulfilment of a task in the public interest or in the exercising of public authority assigned to WERU.

Moreover, in the exercising of his or her right to data portability pursuant to art. 20 para. 1 of the GDPR the data subject has the right to effect the transmission of the personal data directly from WERU to another data controller as far as this is technically feasible and provided that the rights and freedoms of others are not thereby affected.

The data subject can contact the data protection officer at WERU or another employee at any time to assert the right to data portability.

g. Right to object

A data subject has the right to object to the processing of their personal data at any time for reasons arising from their particular situation based on art. 6 para. 1 e or f of the GDPR. This also applies to profiling based on these provisions.

WERU shall no longer process the personal data in the event of an objection, unless we can prove compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims.

If WERU processes personal data for direct marketing, the data subject has the right to object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling if it is connected to direct advertising. If the data subject objects to processing by WERU for direct marketing purposes, WERU shall no longer process the personal data for these purposes.

In addition, the data subject has the right to object, for reasons arising from their particular situation, to the processing of personal data concerning them by WERU for scientific or historical research purposes or for statistical purposes in accordance with art. 89 para. 1 GDPR, unless such processing is necessary for the fulfilment of a task in the public interest.

In order to assert the right to object, the data subject can contact the WERU data protection officer or another employee directly. The affected data subject is also free to assert their right to object using automated procedures with technical specifications, in relation with the use of information society services, regardless of directive 2002/58/EU.

h. Automated individual decision-making including profiling

Each data subject whose personal data is being processed has the right to not be subject to a decision made solely based on automated processing — including profiling — with legal consequences for him or her or similarly affecting him or her if the decision (1) is not required for the conclusion or performance of a contract between the data subject and WERU, or (2) is permissible based on legal provisions which WERU is subject to and these legal provisions contain reasonable measures for safeguarding the rights and freedoms and the legitimate interests of the data subject or (3) is taken with the explicit consent of the data subject

If the decision (1) is required for the conclusion or performance of a contract between the data subject and WERU or (2) is permissible with the express consent of the person affected, WERU will take appropriate measures to protect the rights and freedoms and legitimate interests of the person affected, which includes at least the right to intervene by WERU, to present their case and to appeal the decision.

If the affected person would like to assert their rights in relation to automated decisions, they can contact our data protection officer or another person at any time.

i. Right to revoke consent for data protection approval

Any data subject affected by the processing of personal data has the right to revoke their consent for processing personal data at any time.

If the affected person would like to assert their right to revoke consent, they can contact our data protection officer or another person at any time.

j. Right to complain

Any data subject affected by the processing of personal data has the right to lodge a complaint with the responsible authority.

9. Data protection for applications and during the application process

Transferral of data
The data will only be viewed by employees * of the Weru Group who are involved in the application process.
The Weru Group hereby undertakes not to make the data accessible to third parties without the consent of the applicant, unless it serves to defend against claims of third parties in a judicial proceedings and to delete them immediately after expiry of the procedure.

Use of the collected data
The personal data will only be stored, processed and used by the Weru Group for the specific application procedure and any resulting recruitment.

Storage period of the application data
Your personal data will generally be deleted automatically 6 months after receipt. This does not apply insofar as legal provisions prevent erasure, further retention is necessary for the purposes of evidencing or if you have explicitly consented to a longer retention period.

Retention for future job advertisements
Should we not be able to offer you a position currently being filled, but believe you application could apply to future job advertisements due to your profile, we will store your personal application data beyond this application if you explicitly consent to such retention and use.

With your consent we will compare your documents with the job advertisements and if there is a suitable position, we will contact you.


Revocation of consent
You can of course revoke your consent for the use of your personal application data at any time as part of the application procedure:

Contact for vacancies in Rudersberg:
Weru GmbH
Zumhofer Strasse 25
D-73635 Rudersberg, Germany
E-mail: personal@weru.de

Contact for vacancies in Triptis:
WERU Fenster und Türen GmbH
Strasse der Deutschen Einheit 1
D-07819 Triptis, Germany
E-mail: personaltriptis@weru.de

* To enhance the readability of the website, no distinction has been made between male, female or other. All personal designations apply equally to all genders.

10. Online enquiry concerning grants and subsidies

We offer you the option of making an online enquiry about grants and subsidies on our website. The service is provided by an external service provider, febis Service GmbH. All entries made during the online query are voluntary and are transmitted directly to febis Service GmbH. All data transmitted to febis Service GmbH is completely pseudonymised. In this pseudonymised form, the data is stored and evaluated by febis Service GmbH and third parties for statistical and market research purposes in the field of energy-saving construction and refurbishment. You can revoke your permission to use your personal data and arrange for the erasure of this data at any time. To do so, send an e-mail to info@foerderdata.de.

11. Data protection provisions about the application and use of DataLine

Via our portal "DataLine", drawings, specifications, test certificates etc. can be downloaded after registration and we can be contacted for consultation by WERU. Precondition for the access is a previous registration. In this context, different personal data have to be supplied. WERU records such data for the purposes of contacting insofar as you have asked for advisory services through us. Moreover, none of your activities on the portal "DataLine" – for example, which drawings or test certificates have been downloaded by you – is being recorded.

12. Data protection policy on deployment and use of Facebook

WERU has integrated components of the company Facebook on this website. Facebook is a social network.

A social network is an internet-based social meeting place, an online community which typically allows users to communicate with each other and interact in virtual space. A social network can serve as a platform for exchange of opinions and experiences or can enable the online community to provide personal or company-related information. Facebook allows users of the social network to create private profiles, upload photos and form networks via friendship requests, amongst other things.

The operator company for Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If a data subject lives outside the USA or Canada, the data controller is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

By accessing each of the individual pages of this website on which a Facebook component (Facebook plug-in) has been integrated, the Internet browser on the data subject's information technology system is automatically prompted by the respective Facebook component to download a representation of the corresponding Facebook component from Facebook. An overall overview of all Facebook plugins can be found at https://developers.facebook.com/docs/plugins/?locale=de_DE. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged into Facebook at the same time, Facebook detects the specific page of our website the data subject visited every time our website is called up by the data subject and for the entire duration of the visit to our website. This information is collected by the Facebook component and associated by Facebook with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the "Like" button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data protection guideline published by Facebook, which is available at https://de-de.facebook.com/about/privacy/ provides information about the collection, processing and use of personal data by Facebook. It also explains which options Facebook offers to protect the privacy of the data subject. There are also various applications which enable data transmission to Facebook to be suppressed. These applications may be used by the data subject to eliminate a data transmission to Facebook.

13. Data protection policy on deployment and use of Instagram

Functions and content of the Instagram service, offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA, can be integrated into our online offer. This may include content such as images, videos or texts and buttons with which users can share content of this online offer within Instagram. If the users are members of the Instagram platform, Instagram can assign the retrieval of the above content and functions to the user profiles there. Instagram data protection declaration: https://help.instagram.com/519522125107875.

14. Data protection policy on deployment and use of Google Analytics (with pseudonymisation function)

WERU has integrated the Google Analytics component (with pseudonymisation function) on its website. Google Analytics is a web analytics service. Web analytics is the measurement, collection and analysis of data about the behaviour of visitors to websites. A web analytics service records, amongst other things, data about which website a data subject arrived at a website from (so-called referrer), which pages of the website were accessed or how frequently and for how long a page was viewed. A web analysis is predominantly used to optimise a website and for cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

WERU uses the additional anonymize Ip" for web analysis via Google Analytics. Via this extension, the IP address of the internet connection of the data subject is truncated and pseudonymised by Google when our websites are accessed from a Member State of the European Union or from a contracting party to the European Economic Area.

The purpose of the Google Analytics component is to analyse the stream of visitors on our website. Google uses the data and information gained to analyse usage of our website to compile online reports on website activity and to provide additional services associated with the website and internet use to us, amongst other things.

Google Analytics places a cookies in the information technology system of the person affected. The definition for cookies is listed above. Setting of the cookie enables Google to analyse the usage of our website. Each time a WERU website page on which a Google Analytics component has been integrated is retrieved, the data subject’s browser is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analytics. As part of this technical procedure, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently enable commission settlements.

The cookies store personal information, such as the access time, the location from which access is made and the frequency of visits to our website by the data subject. Every time our websites are browsed these personal data including the IP address of the internet connection used by the data subject are transmitted to Google in the US. These personal data are saved by Google in the US. Under certain circumstances, Google passes on personal data collected by technical procedures to third parties.

The data subject can prevent setting of cookies by our website as described above at any time via a corresponding browser setting and thus permanently block the placement of cookies. Setting the browser used in this way would also prevent Google setting a conversion cookie on the data subject’s IT system. A cookies already set by Google Analytics can be deleted at any time via the internet browser or other software programmes.

It is also possible to reject and prevent collection of the data generated by Google Analytics and related to the use of this website as well as the processing of these data by Google. For this a browser add-on must be downloaded from https://tools.google.com/dlpage/gaoptoutand installed. This browser add-on communicates to Google Analytics via JavaScript that no data or information on visits to websites may be transmitted to Google Analytics. Installation of the browser add-on is considered to be a rejection by Google. If the IT system of the data subject is deleted, formatted or reinstalled at a later time, the browser add-on must be installed again to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated, it is possible to reinstall or reactivate the browser add-on.

Further information and the applicable data protection regulations of Google can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail in this link https://www.google.com/intl/de_de/analytics/.

15. Data protection policy on deployment and use of Google AdWords

WERU has integrated Google AdWords into this website. Google AdWords is an internet advertising service that allows advertisers to place ads in the Google search engine results and in the Google Display Network. Google AdWords allows an advertiser to predefine specific keywords by means of which an ad is only displayed in the Google search engine results when the user retrieves a keyword-relevant search result with the search engine. In the Google advertising network, the adverts are distributed to theme-relevant websites using an automatic algorithm and under consideration of the previously defined keywords.

The operating company of Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website by showing interest-relevant advertising on the websites of third party companies and in the search engine results of Google and to show external advertising on our website.

If a data subject accesses our website via a Google advert, a so-called conversion cookie is stored on the information technology system of the data subject. The definition for cookies is listed above. A conversion cookie becomes invalid after 30 days and is not used for identification of the data subject. Provided that the conversion cookie has not yet expired, it is used to track whether specific pages on our website, e.g. the shopping basket in an online shop system, were accessed. Through the conversion cookie, both Google and we can track whether a data subject who accessed our website via an AdWords ad generated a sale, i.e. purchased items in the shopping basket, or aborted it.

The data and information collected by the use of the conversion cookie is used by Google to generate visitor statistics for our website. We then use these visitor statistics to determine the total number of users who have been sent to us through AdWords ads in order to determine the success or failure of each AdWords ad and to optimise our AdWords ads for the future. Neither our company nor other Google AdWords advertising customers receive information from Google by means of which the data subject could be identified.

The conversion cookies store personal information, for example the websites visited by the data subject. Accordingly, every time our websites are browsed these personal data including the IP address of the internet connection used by the data subject are transmitted to Google in the US. These personal data are saved by Google in the US. Under certain circumstances, Google passes on personal data collected by technical procedures to third parties.

The data subject can prevent setting of cookies by our website as described above at any time via a corresponding browser setting and thus permanently block the placement of cookies. Setting the browser used in this way would also prevent Google setting a conversion cookie on the data subject’s IT system. Moreover, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.

Furthermore, it is possible for the data subject to object to the interest-related advertising by Google. To do so, the data subject must call up the link www.google.de/settings/ads from each of the internet browsers it uses and make the desired settings there.

Further information and the applicable Google data protection regulations can be found at https://www.google.de/intl/de/policies/privacy/.

16. Data protection policy on deployment and use of YouTube

WERU has integrated components of YouTube on this website. YouTube is an internet video portal that allows video publishers to watch video clips for free and other users to view, rate and comment on them for free. YouTube permits publication of all types of videos, for which reason complete films and television programmes as well as music videos, trailers or videos made by users themselves can be retrieved via the internet portal.

The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

On this website, each time an individual page on which a YouTube component (YouTube video) has been integrated is retrieved, the browser on the IT system of the data subject is automatically prompted through the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. Further information on YouTube can be found at https://www.youtube.com/yt/about/de/. During the course of this technical procedure, YouTube and Google are made aware of what specfic sub-site of our website was visited by the data subject.

If the data subject is logged into YouTube at the same time, with the retrieval of a page containing a YouTube video YouTube detects the specific page of our website the data subject visited. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.

YouTube and Google receive information via the YouTube component that the data subject has visited our website if the data subject is simultaneously logged into YouTube at the time of accessing our website; this takes place regardless of whether the data subject clicks on a YouTube video or not. Should the data subject not desire transmission of this information to YouTube and Google, they can prevent the transmission by logging out of his or her YouTube account before calling up our website.

The data protection policies published by YouTube which can be found at https://www.google.de/intl/de/policies/privacy/, provide information on how personal data is collected, processed and used by YouTube and Google.

17. Legal basis for processing

The GDPR, particularly Articles 6 and 9 of the GDPR, serves as the legal basis for our processing of personal data: Art. 6 I lit. a of the GDPR serves our company as the legal basis for processing operations for which we receive consent for a specific processing purpose. If processing of personal data is necessary for performance of a contract to which the data subject is a contracting party as is the case, for example, for processing operations required for delivery of goods or provision of another service or quid pro quo, then processing is based on Art. 6(1)(b) of the GDPR. This also applies to such processing operations required for implementation of pre-contractual measures, for example in cases of queries pertaining to our products or services. If WERU is subject to a legal obligation making processing of personal data necessary, for example for fulfilment of tax obligations, processing is based on Art. 6(1)(c) of the GDPR. Processing of personal data may be necessary in rare cases to safeguard the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our company is injured and his or her name, age, health insurance details or other vital information needs to be passed on to a doctor, a hospital or another third party. Then processing would be based on art. 6(1)(d) of the GDPR. Finally, processing could be based on art. 6(1)(f) of the GDPR. This legal basis can be applied to processing operations not covered by any of the above-mentioned legal bases if processing is necessary for safeguarding a legitimate interest of our company or a third party provided that the interests, basic rights and basic freedoms of the data subject do not override it. Such processing operations are particularly permitted to us because they were specifically mentioned by the European legislator. It held the view that a legitimate interest could be assumed insofar as the data subject was a customer of the data controller (recital 47 sentence 2 of the GDPR).

18. Legitimate interests in processing pursued by WERU or a third party

If processing of personal data is based on Article 6 I lit. f of the GDPR, then our legitimate interest is the carrying on of our business to the benefit of all our employees and shareholders.

19. Duration of retention of personal data

The criterion for the duration of retention personal data is the respective legal retention period. The corresponding data is routinely erased after the period provided that it is no longer needed for performance or negotiating of a contract.

20. Statutory or contractual provisions on the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide personal data; possible consequences of non-provision

We hereby declare that the provision of personal data is in part legally prescribed (e.g. tax regulations) or can be yielded from contractual provisions (e.g. details about the contracting partner). For the conclusion of a contract if may occasionally be necessary for a data subject to provide us with personal data which must then be processed by us. The data subject is, for example, obligated to provide us with personal data if WERU concludes a contract with the data subject. Non-provision of the personal data would have the consequence that the contract would not be able to be concluded with the data subject. Before providing personal data, the data subject can contact our data protection officer. Our data protection officer will explain to the data subject on a case-by-case basis whether the provision of personal data is legally or contractually prescribed or necessary for contract conclusion, whether there is an obligation to provide personal data and what the consequences of not providing the personal data would be.