Privacy Policy

General Privacy Policy 

Website

With this privacy policy, wolfcraft GmbH, Wolffstraße 1, D-56746 Kempenich, phone: +49 (0) 2655 510, email: datenschutz@remove-this.wolfcraft.com ("wolfcraft") is complying with its legal obligation to provide information according to Art. 13 of the General Data Protection Regulation (GDPR) with respect to the processing of personal data on our website. In the following we explain which of your personal data we process and how. Please contact us if you have any further questions. You will find our contact data above and at the end of this document.

Personal data

Personal data consists of all information that refers to an identified or identifiable natural person. A natural person shall be regarded as identifiable providing they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an ID number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This includes, for example, information such as their name, address, telephone number, e-mail address, bank details or date of birth.

Processing of personal data

Processing of personal data occurs in all operations executed with or without the aid of automated processes or in all series of operations in connection with personal data. Data processing can be seen in particular in the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction of personal data.

We process personal data according to the specifications and prerequisites set out below as part of automated processing and based on a relevant, legislative authorisation basis.

Automated decision-making on a case-by-case basis including individual profiling in accordance with Art. 22 of GDPR will not take place.

Collection of personal data when visiting our website

If the website is used merely for information purposes, i.e. if you do not register or otherwise provide us with information, we shall only collect the personal data that your browser transfers to our server. If you wish to view our website, we shall collect the following data in particular, which is technically necessary in order for us to display our website to you and to ensure the necessary stability and security:

– IP address

– Date and time of your inquiry

– Time zone difference from Greenwich Mean Time (GMT)

– Contents of the request (specific page)

– Access status/HTTP status code

– Volume of data transferred in each case

– Website from which the request originates (referrer where applicable)

– Operating system and its user interface, screen resolution and depth of colour

– Type, language and version of the browser software

The legislative basis for this is Art. 6 Section 1 Subparagraph 1 point (f) GDPR ("legitimate interest").

In addition to the use of our website purely for information purposes, we also offer various services which you can use if interested. For this, you will generally need to provide further personal information to enable us to provide the service. This is introduced in this document.

Use of cookies

In addition to the aforementioned data, cookies will also be stored on your computer when you use our website providing you grant us consent.

Cookies are small text files that are stored on your hard drive assigned to the browser you are using and that are used by the organisation that sets the cookie to obtain certain information. Cookies cannot run programs or infect your computer with viruses. Their purpose is to make the website more user-friendly and effective overall.

The legislative basis for this is Art. 6 Section 1 Subparagraph 1 point (a) GDPR ("consent").

You can decide whether you grant us consent for all cookies, only for certain types (for example necessity, performance, functionality, advertising) or none at all. You can control the non-system-critical cookies with our cookie tool - to do this, click on the "Cookie Settings" button at the bottom of the page.

This consent is voluntary. You can refuse without providing a reason and you will not suffer any negative consequences as a result. You can withdraw this consent in written form (e.g. by letter, e-mail) at any time with effect for the future via the contact data above, without any resultant negative consequences. Please be aware, however, that if you do not grant your consent or if you withdraw it, this may mean you will not be able to use all the functions of this website.

Further information on the use of cookies can be found in the sections below, insofar as cookies are used.

For detailed information, see our cookie policy, which can be viewed via the following link https://www.wolfcraft.de/cookie-richtlinien/.

Use of Google Analytics

This website uses Google Analytics, a web analysis service by Google Inc. ("Google"). Google Analytics uses cookies, i.e. text files stored on your computer that enable an analysis of your use of the website.

Cookies are only set if you grant us consent to do this. The legislative basis for this is Art. 6 Section 1 Subparagraph 1 point (a) GDPR ("consent"). This consent is voluntary. You can refuse without providing a reason and you will not suffer any negative consequences as a result. You can withdraw this consent at any time with effect for the future without any resultant negative consequences - to do this, click on the "Cookie Settings" button at the bottom of this page. 

Google also processes your personal data in the USA. Before you give your consent in accordance with Art. 49 Section 1 point (a) GDPR, we draw your attention in particular to the fact that, in the USA, there may not be an appropriate level of data protection in the absence of an adequacy decision and appropriate safeguards, as data protection laws do not meet the requirements of GDPR; in particular it may not be possible to enforce the rights of data subjects.

In general, the information generated by the cookie concerning your use of this website will be passed on to a Google server in the USA and saved there. However, in the event of IP anonymisation being activated on this website, your IP address will be abbreviated beforehand by Google within Member States of the European Union or in other countries that are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. Acting on behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website usage and Internet usage to the website operator.

The IP address provided by your browser in the context of Google Analytics will not be merged with other Google data.

This website uses Google Analytics with the extension "_anonymizeIp()". As a result, IP addresses are processed in abbreviated form to prevent them being directly linked to a particular individual. If the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately.

We use Google Analytics to analyse the use of our website so that we can regularly improve it. The statistics gathered enable us to improve our offering, making it more interesting for you, the user. 

Information on third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: https://policies.google.com/terms, overview of data protection: https://policies.google.com/, and privacy policy: https://policies.google.com/privacy

Contact

When you contact us by e-mail, the information you provide will be processed by us. The only obligatory information is your name and e-mail address. This information is required for us to be able to reply to your inquiry accordingly. Other personal data may be entered voluntarily if you wish (for instance, if you want us to call you back, we will need your telephone number; if we are to send you information via post, we will need your address). Your personal data will be stored by us to answer your questions and fulfil your requests. We shall delete the data collected in this way once its storage is no longer required, or shall restrict processing if statutory retention requirements apply.

The legislative basis for this is Art. 6 Section 1 Subparagraph 1 point (f) GDPR ("legitimate interest").

Embedding of YouTube videos

Our online content includes YouTube videos that are stored on www.YouTube.com and that can be played directly from our website. These are all embedded in "extended privacy mode", which means that no data about you as a user will be transferred to YouTube if you do not play the videos. The data mentioned under "Collection of personal data when visiting our website" will only be transmitted if you play the relevant videos. We have no influence over the transfer of this data.

The above only occurs if you grant us consent to do this. The legislative basis for this is Art. 6 Section 1 Subparagraph 1 point (a) GDPR ("consent"). This consent is voluntary. You can refuse without providing a reason and you will not suffer any negative consequences as a result. You can withdraw this consent at any time with effect for the future without any resultant negative consequences - to do this, click on the "Cookie Settings" button at the bottom of this page. 

YouTube also processes your personal data in the USA. Before you give your consent in accordance with Art. 49 Section 1 point (a) GDPR, we draw your attention in particular to the fact that, in the USA, there may not be an appropriate level of data protection in the absence of an adequacy decision and appropriate safeguards, as data protection laws do not meet the requirements of GDPR; in particular it may not be possible to enforce the rights of data subjects.

When you visit the website, YouTube receives notice that you have accessed the corresponding subpage of our website. In addition, the data mentioned above in this declaration under "Collection of personal data when visiting our website" will be transmitted. This happens regardless of whether you are logged into a user account provided by YouTube or you do not have a user account. If you are logged into Google, your data will be assigned directly to your account. If you do not wish this data to be linked to your profile on YouTube, you must log out before using the button. YouTube stores your data as user profiles and uses it for advertising and market research purposes and/or to customise its website. Such analysis is specifically carried out to provide appropriate advertising (even for users who are not logged in) and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and must contact YouTube to exercise this right.

For further information on the purpose and scope of data collection and processing by YouTube, please consult the privacy policy. This also contains further information about your rights and settings options for the protection of your privacy: https://policies.google.com/privacy

Use of social media plug-ins

We do not use social media plug-ins.

On our site you will merely find links to our presences on YouTube, Facebook, Instagram, Twitter, Pinterest, LinkedIn.

For further information on the purpose and scope of data collection and processing by the provider when you visit their page, please consult the provider's privacy policy as set out below. This also contains further information about your relevant rights and settings options for the protection of your privacy.

Addresses of the providers and URL with their data protection information:

 

Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data collection: http://www.facebook.com/help/186325668085084

Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA; Website: https://www.instagram.com; privacy policy: http://instagram.com/about/legal/privacy.

Twitter Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy

Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland; privacy policy: https://policy.pinterest.com/de/privacy-policy

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; website: https://www.linkedin.com; privacy policy: https://www.linkedin.com/legal/privacy-policy

Embedding of Google Maps

This website uses Google Maps content provided by Google. This enables us to display interactive maps directly on the website and allow you to use the convenient map function.

The above only occurs if you grant us consent to do this. The legislative basis for this is Art. 6 Section 1 Subparagraph 1 point (a) GDPR ("consent"). This consent is voluntary. You can refuse without providing a reason and you will not suffer any negative consequences as a result. You can withdraw this consent at any time with effect for the future without any resultant negative consequences - to do this, click on the "Cookie Settings" button at the bottom of this page. 

Google also processes your personal data in the USA. Before you give your consent in accordance with Art. 49 Section 1 point (a) GDPR, we draw your attention in particular to the fact that, in the USA, there may not be an appropriate level of data protection in the absence of an adequacy decision and appropriate safeguards, as data protection laws do not meet the requirements of GDPR; in particular it may not be possible to enforce the rights of data subjects.

When you visit the website, Google receives notice that you have accessed the corresponding subpage of our website. In addition, the data mentioned under "Collection of personal data when visiting our website" in this declaration will be transmitted. This happens regardless of whether you are logged into a user account provided by Google or you do not have a user account. If you are logged into Google, your data will be assigned directly to your account. If you do not wish this data to be linked to your profile on Google, you must log out before using the button. Google stores your data as user profiles and uses it for advertising and market research purposes and/or to customise its website. Such analyses are specifically carried out to provide appropriate advertising (even for users who are not logged in) and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and must contact Google to exercise this right.

For further information on the purpose and scope of data collection and processing, please consult the provider's privacy policy. This also contains further information about your rights and settings options for the protection of your privacy: www.google.de/intl/de/policies/privacy. 

User-generated content

We process videos and photos in which you are shown as user-generated content subject to appropriate consent in accordance with Art. 6 Section 1 Subparagraph 1 point (a) GDPR in conjunction with Art. 7 GDPR.

Where the video or photo reveals your ethnic origin, religion or gender (e.g. skin colour, head covering, glasses), your consent also relates to this data. Information on the Internet is accessible worldwide and can be found using search engines and combined with other information, which can be used to create a personality profile relating to you. Information posted on the Internet, including videos and photos, can easily be copied and redistributed. There are specialist archiving services that serve to permanently document the status of certain websites at certain times. This means that information published on the Internet may still be retrievable even after it has been deleted from the original page.

This granting of rights occurs without compensation and also includes the right to process videos and photos.

This consent is voluntary. You can refuse without providing a reason and you will not suffer any negative consequences as a result. You can withdraw this consent in written form (e.g. by letter, e-mail) at any time with effect for the future via the contact data below without any resultant negative consequences. Photos in which you can be identified and which essentially show only you will then be removed immediately and no longer be used for new (digital) printed matter. If you are depicted in the photo together with other people, the photo does not have to be removed, instead, it is sufficient if you are immediately made unrecognisable in the photo (e.g. by pixelating). If you are shown in a photo with other people and we wish to replace it with a new photo rather than use the option of pixelating (for instance because the photo has a special meaning for the website, etc.), the deadline for replacing the photo is one month. In the case of print media, digital publications and videos, personal data will not be removed until the new media is produced.

Google Tag Manager

This website uses Google Tag Manager by Google. Google Tag Manager is a solution that allows marketers to manage website tags from an interface. The Tag Manager tool itself (which implements the tags) is a cookieless domain and does not collect personal data. The tool is used to trigger other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation took place at domain or cookie level, this remains in effect for all tracking tags implemented with Google Tag Manager.

Cookies are only set for Google applications if you grant us consent to do this. The legislative basis for this is Art. 6 Section 1 Subparagraph 1 point (a) GDPR ("consent"). This consent is voluntary. You can refuse without providing a reason and you will not suffer any negative consequences as a result. You can withdraw this consent at any time with effect for the future without any resultant negative consequences - to do this, click on the "Cookie Settings" button at the bottom of this page.

Google also processes your personal data in the USA. Before you give your consent in accordance with Art. 49 Section 1 point (a) GDPR, we draw your attention in particular to the fact that, in the USA, there may not be an appropriate level of data protection in the absence of an adequacy decision and appropriate safeguards, as data protection laws do not meet the requirements of GDPR; in particular it may not be possible to enforce the rights of data subjects.

The legislative basis for the use of Google Tag Manager is Art. 6 Section 1 Subparagraph 1 point (f) GDPR ("legitimate interest").

Job applications

If you submit a job application to us, we will process the data you provide in order to determine whether we would like to establish and maintain an employment relationship with you.

During the application process, besides form of address, surname and forenames, the usual correspondence data such as postal address, e-mail address and telephone numbers will be stored. In addition, application documents like cover letter, curriculum vitae, professional, educational and further training qualifications as well as references will be collected.

Applicant data sent to us or input by applicants will be processed only up to the point a decision is made about hiring if no employment relationship is embarked upon. Four months after the rejection has been sent out and the application documents returned to the applicant, the data will be erased.

Your data will only be stored in an applicant pool if you grant your express consent to this. It will then be stored for a maximum period of two years. This consent is voluntary. You can refuse without providing a reason and you will not suffer any negative consequences as a result. You can withdraw this consent in written form (e.g. by letter, e-mail) at any time with effect for the future via the contact data above, without any resultant negative consequences.

In cases where we embark on an employment relationship with you, the data you provided us with will be processed in order to justify, conduct and where applicable terminate this employment relationship.

The data may be processed for statistical purposes (e.g. reporting). No inferences to individual persons will be possible in such cases.

The legislative basis for this is Section 26 Bundesdatenschutzgesetz (German Data Protection Act) (Section 26 (8) (2)).

Processing duration

The maximum length of time the data will be stored depends upon the purpose for which the data is being processed. The duration of storage depends in particular on how long the data needs to be stored to fulfil the purpose in question. The data will in addition be processed for up to ten years to comply with legal obligations (e.g. obligations for retention for commercial and taxation laws in accordance with § 257 Handelsgesetzbuch (German Commercial Code), § 147 Abgabenordnung (German Fiscal Code)).

Data recipients

We shall transfer your data to departments within wolfcraft, where this is necessary.

The data may be transferred to companies within the wolfcraft Group providing this is necessary for processing the contract relationship. The legislative basis is Art. 6 Section 1 Subparagraph 1 point b GDPR ("necessity for the performance of a contract").

The authorisation basis for any data transfer beyond this within the wolfcraft Group is Art. 6 Section 1 Subparagraph 1 point (f) GDPR ("legitimate interest"). According to this, processing of data is legitimate if its processing is required by us in order to maintain our legitimate interests except in cases where the interests or basic rights of the data subject are overriding. In the recitals for the GDPR, the legitimate interest for transmission within a group of undertakings is defined in Recital 48. Accordingly, transmission within a corporate group for internal administrative purposes with regard to the processing of customer data is deemed to qualify as a legitimate interest on our part within the meaning of Art. 6 Section 1 Subparagraph 1 point (f) GDPR.

In some cases, we use external service providers to process your data. These have been carefully selected by us and commissioned, are bound by our instructions and subject to regular inspections. All requirements of Art. 28 GDPR have been observed.

Location of data processing operations

All processing of personal data shall take place either in Germany or in Member States of the European Union. No personal data shall be transferred by us to states that are not Member States of the European Union (known as third countries) or to other international organisations unless stated otherwise in this document.

Where we transfer personal data to service providers outside the EU, this only takes place if an appropriate level of data protection has been confirmed in the third country by the EU Commission or other appropriate data protection safeguards are in place (e.g. binding corporate rules or an agreement on the standard contractual clauses of the EU Commission) or the data subject has given consent (Art. 44 ff. GDPR).

Security/technical and organisational measures

We shall undertake all the necessary technical and organisational measures while taking into account the regulations in Art. 24, 25 and 32 GDPR in order to protect your personal data from loss, destruction, access, modification or dissemination by unauthorised persons and misuse.

In this way we are observing the legal requirements for the pseudonymisation and encryption of personal data, for confidentiality, integrity, availability and resilience of systems and services in relation with the processing, availability of personal data and ability to restore this quickly in case of a physical or technical incident as well as to set up procedures for regular checking, assessment and evaluation of the effectiveness of these technical and organisational measures to guarantee security of processing.

Furthermore we also observe the requirements of Art. 25 GDPR with respect to the principles of "privacy by design" and "privacy by default".

Your rights

You have a right to gratuitous information about your personal data and, where legal requirements are in place, a right to correction, blocking and erasure of your data, to restriction of processing, to data portability and to a right of objection.

If we base the processing of your personal data on the balancing of interests, you may object to its processing. This will be the case if, in particular, processing is not required in order to fulfil a contract with you. If you decide to exercise such an objection, we will ask you to explain the reasons why we should not process your personal data as we have done. If your objection is legitimate, we shall examine the situation and shall either discontinue or modify the way we process the data or provide you with our compelling legitimate reasons for continuing with processing.

You can also submit a complaint to the responsible supervisory authority (e.g. Landesbeauftragter für den Datenschutz und Informationsfreiheit Rheinland-Pfalz, Hintere Bleiche 34, 55116 Mainz).

Last updated: January 2024

Only the latest version of this document applies.

Facebook Privacy Policy

With this privacy policy, wolfcraft GmbH, Wolffstraße 1, D-56746 Kempenich, phone: +49 (0) 2655 510, email: datenschutz@wolfcraft.com ("wolfcraft") is complying with its legal obligation to provide information according to Art. 13 of the General Data Protection Regulation (GDPR) with respect to processing of personal data on our Facebook page. In the following we explain which of your personal data we process and how. Please contact us if you have any further questions. You will find our contact data above and at the end of this document.

Personal data

Personal data consists of all information that refers to an identified or identifiable natural person. A natural person shall be regarded as identifiable providing they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an ID number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economical, cultural or social identity of that natural person. This includes, for example, information such as their name, address, telephone number, e-mail address, bank details or date of birth.

Processing of personal data

Processing of personal data occurs in all operations executed with or without the aid of automated processes or in all series of operations in connection with personal data. Data processing can be seen in particular in the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction of personal data.

We process personal data according to the specifications and prerequisites set out below as part of automated processing and based on a relevant, legislative authorisation basis.

Automated decision-making on a case-by-case basis including individual profiling in accordance with Art. 22 of GDPR will not take place.

Data processing on our Facebook page

wolfcraft GmbH uses the technical platform and services of Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland for its Facebook page.

Please note that you are solely responsible for how you use this Facebook page and its features. This applies in particular to the use of interactive features (e.g. commenting, sharing, rating). Alternatively, you can also retrieve the information offered on this page via our website at www.wolfcraft.de.

The controller in accordance with Art. 4(7) GDPR is wolfcraft as the operator of the Facebook page, and Meta Platforms Ireland Limited as joint controller in accordance with Art. 26 GDPR. You can view the contract regarding our joint control at https://www.facebook.com/legal/terms/page_controller_addendum. Meta Platforms Ireland Limited accordingly is primary controller in accordance with the specifications of the GDPR for the processing of insights data and shall comply with all obligations arising from the GDPR with respect to the processing of insights data (among others Art. 12 and 13 GDPR "Information to be provided", Art. 15 to 22 GDPR "Rights of the data subject" and Art. 32 to 34 GDPR "Technical and organisational measures").

When you visit our Facebook page, Facebook collects your IP address and other information available on your PC in the form of cookies. These cookies have not been set by us. This information is used to provide us, as the operator of the Facebook page, with statistical information about how our Facebook page is used. Facebook provides further information about this at the following link: https://www.facebook.com/help/pages/insights

The legal basis for the processing of data is Art. 6(1)(1)(f) GDPR ("legitimate interest").

The data collected about you in this context is processed by Facebook Ltd. and, where applicable, transferred to countries outside the European Union. Facebook describes the information it receives and how it uses it in general terms in its data use policies. There you will also find information about ways of contacting Facebook as well as the preferences for advertisements. The full data policies of Facebook can be found at the following link: https://www.facebook.com/privacy/policy/

How Facebook uses the data from visits to Facebook pages for its own purposes, the extent to which activities on a Facebook page are assigned to individual users, how long Facebook stores this data and whether data from visits to a Facebook page is shared with third parties has not been conclusively and clearly stated by Facebook and is therefore not known to us.

When you access a Facebook page, the IP address assigned to your device is transmitted to Facebook. According to Facebook, this IP address is anonymised (in the case of "German" IP addresses) and deleted after 90 days.

Facebook also stores information on its users' devices (e.g. as part of the "Login Notification" feature); this may enable Facebook to assign IP addresses to individual users.

If you are currently logged into Facebook as a user, there will be a cookie with your Facebook ID on your device. This enables Facebook to track your visit to this page and how you used it. This also applies to all other Facebook pages. These cookies have not been set by us.

Facebook buttons embedded in websites enable Facebook to record your visits to these websites and assign them to your Facebook profile. Content or advertising can be tailored to you based on this data.

If you do not want this, you should log out of Facebook or deactivate the "Stay signed in" feature, delete the cookies on your device and close and reopen your browser.

This will delete Facebook information that could identify you directly. This allows you to use our Facebook page without disclosing your Facebook ID.

If you access interactive features on the page (like, comment, share, news, etc.), a Facebook login mask will appear. After any login, you will once again be identifiable by Facebook as a specific user.

You can find information on how to manage or erase information about you on the following Facebook support pages: https://www.facebook.com/privacy/policy/

In some cases, we also collect and process your personal data to conduct competitions. The legislative basis in this case is Art. 6 Section 1 Subparagraph 1 point b GDPR ("performance of a contract"). This data is required to conclude the contract about the competition. Without this data we cannot conclude a contract for the competition with you.

We as the provider of the information service do not collect or process any data resulting from your use of our service.

For further information on Facebook and other social networks and how you can protect your data, see youngdata.de

Data processing duration

The maximum length of time the data will be processed by us depends upon the purpose for which the data is being processed. The time it will be stored depends in particular on how long the data needs to be processed to fulfil the purpose. This does not affect legal obligations for retention.

Recipients of personal data

We shall transfer your personal data to departments within wolfcraft, where this is necessary. Apart from the transmissions mentioned above, your data shall be sent to no other persons.

Location of data processing operations

Your personal data will always be processed either in Germany or in Member States of the European Union. No personal data shall be transferred by us to states that are not Member States of the European Union (known as third countries) or to other international organisations unless stated otherwise above in this data privacy declaration in respect to Facebook.

Security/technical and organisational measures

We shall undertake all the necessary technical and organisational measures within our sphere of control taking into account the specifications in Art. 24, 25 and 32 GDPR in order to protect your personal data from loss, destruction, access, alteration or dissemination by unauthorised persons and misuse. In this way we are observing the legal requirements for the pseudonymisation and encryption of personal data, for confidentiality, integrity, availability and resilience of systems and services in relation with the processing, availability of personal data and ability to restore this quickly in case of a physical or technical incident as well as to set up procedures for regular checking, assessment and evaluation of the effectiveness of these technical and organisational measures to guarantee security of processing.

Furthermore we are also observing the requirements of Art. 25 GDPR with respect to the principles of "privacy by design" and "privacy by default".

Your rights

You have a right to gratuitous information about your personal data and, where legal requirements are in place, a right to correction, blocking and erasure of your data, to restriction of processing, to data portability and to a right of objection.

If we base the processing of your personal data on the balancing of interests, you may object to its processing. This will be the case if, in particular, processing is not required in order to fulfil a contract with you. If you decide to exercise such an objection, we will ask you to explain the reasons why we should not process your personal data as we have done. If your objection is legitimate, we shall examine the situation and shall either discontinue or modify the way we process the data or provide you with our compelling legitimate reasons for continuing with processing.

You can also submit a complaint to the responsible supervisory authority (e.g. Landesbeauftragter für den Datenschutz und Informationsfreiheit Rheinland-Pfalz, Hintere Bleiche 34, 55116 Mainz).

Facebook Custom Audiences/Facebook Pixel

Information/Purpose

This website uses the “Facebook Pixel” of the “Facebook” social network, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) as the controller. The “Facebook Pixel” is used for the following purposes:

  • Facebook (Website) Custom Audiences

On our website, we use the Facebook Pixel and the Conversions API for remarketing purposes to be able to contact you again within 180 days. This makes it possible to display interest-based advertisements – “Facebook Ads” – to users of the website when they visit the “Facebook” social network or other websites that also use this tool. With this, we pursue our interest in showing you advertisements that are of interest to you in order to make our website or offers more interesting for you as a user.

  • Facebook Conversion

Additionally, by using the Facebook Pixels and the Conversions API, we want to ensure that our Facebook ads match the potential interests of the users and are not annoying. With the Facebook Pixel, we can track the effectiveness of the Facebook ads for statistical and market research purposes by seeing whether users were redirected to our website after clicking on a Facebook ad (“conversion”).

Due to the marketing tools used (Facebook Pixel and Conversions AP), your browser automatically establishes a connection with Facebook's server as soon as you have allowed the use of cookies that require approval and have thus granted us the necessary consent. The integration of the Facebook Pixel and the use of the Conversions API result in Facebook being informed that you have accessed the corresponding page of our website or have clicked on one of our advertisements. If you are a registered user of a Facebook service, Facebook can link the visit to your account. We have no influence over this.

The data is processed by Facebook in accordance with Facebook's Data Policy. Special information and details regarding the Facebook Pixel and the Conversion API, as well as about the way it works, can also be found in the Facebook Help Centre.

Recipients

Joint controllership: We, as wolfcraft GmbH, hold joint responsibility with Meta Platforms Ireland Limited., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (Meta) for the collection and transmission of data within the scope of this process. This applies for the following purposes:

  • The creation of personalized or suitable advertisements, as well as the optimisation thereof
  • Delivery of commercial and transaction-related messages (e.g. via Messenger)

The following processing is therefore not encompassed by the joint controllership:
The processing that takes place after collection and transmission is the sole responsibility of Meta.

  • The creation of reports and analyses in aggregated and anonymised form is conducted within the framework of commissioned data processing and therefore within our responsibility.

For the joint controllership, we have concluded a corresponding agreement with Facebook. The agreement can be accessed here: https://www.facebook.com/legal/controller_addendum.

It defines the respective responsibilities for fulfilment of the obligation under the GDPR with regard to joint controllership.

The contact data of the responsible company and the data protection officer of Facebook can be accessed here: https://www.facebook.com/about/privacy.

More information about how Meta processes personal data, including the legal basis that applies and other information on the rights of the data subject, can be found here: https://www.facebook.com/about/privacy. We transmit the data within the framework of the joint controllership, based on the legitimate interest as per Art. 6(1)(f) GDPR.

Information on the data security terms can be found here https://www.facebook.com/legal/terms/data_security_terms and information on processing on the basis of standard contractual clauses is available here: https://www.facebook.com/legal/EU_data_transfer_addendum.

Erasure/withdrawal of consent

You can deactivate the tool in the cookie settings - to do this, click on the "Cookie Settings" button at the bottom of the page.

Lifetime of the cookies: up to 180 days after the last interaction (this only applies to cookies that were set via this website).

Legal basis

Art. 6(1)(a) GDPR (consent)

Instagram Privacy Policy

The information service provided at https://www.instagram.com/wolfcraft_deutschland/ makes use of the technical platform and services of Meta Platforms Ireland Limited, 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.

Please note that you are solely responsible for how you use this Instagram page and its features. This applies in particular to the use of interactive features (e.g. commenting, sharing, rating).

Collection of personal data

When you visit our Instagram page, Instagram and the affiliated company Meta collect your IP address and other information available on your PC in the form of cookies. This information is used to provide us, as the operator of the Instagram pages, with statistical information about how the Instagram page is used. Meta provides further information about this via the following link: https://help.instagram.com/ .

In the following, we inform you about the handling of your personal data. Personal data in this context is any data with which you can be personally identified. Please carefully check which personal data you share with us via Instagram and Meta. As long as you are logged in to your Instagram account and visit our Instagram profile, Instagram can match it to your Instagram profile. We expressly point out that Instagram – and thus also Meta – stores the data of its users (e.g. personal information, IP address etc.) and may also use it for business purposes. For more information on the data processing performed by Instagram, refer to the privacy policy of Instagram. The full data policies of Instagram can be found here: https://help.instagram.com/519522125107875/?helpref=hc_fnav

We have no influence on the data collection and further processing by Instagram. Furthermore, it is not possible for us to determine the scope, location or duration of the data storage, to what extent Instagram and Facebook fulfils existing deletion obligations, what evaluations and links are made with the data and to whom the data is passed on. If you want to prevent Instagram and Facebook from processing personal data that you transmit to us, please contact us in other ways. Our contact data is provided in full in our Legal Notice.

The data collected about you in this context is processed by Facebook Ireland Ltd. and, where applicable, transferred to countries outside the European Union. Instagram/Meta describes the information it receives and how it uses it in general terms in its data use policies. There you will also find information about ways of contacting Facebook as well as the preferences for advertisements. The full data policies of Instagram can be found here: https://help.instagram.com/519522125107875/?helpref=hc_fnav

Instagram and Meta do not conclusively and clearly state how they use the data from visits to Instagram pages for their own purposes, the extent to which activities on an Instagram page are assigned to individual users, how long Instagram stores this data and whether data from visits to an Instagram page is shared with third parties, and this information is therefore not known to us.

The data controller within the meaning of the European General Data Protection Regulation (GDPR) is

wolfcraft GmbH

Contact data of the controller:

Wolffstraße 1, 56746 Kempenich

Phone: +49 (0) 2655 510

Electronic contact address of the controller: datenschutz@wolfcraft.com 

This applies insofar as we are the sole processor of the data you submitted to us via Facebook/Instagram. Insofar as the data you transmitted to us via Facebook/Instagram is also or exclusively processed by Meta, Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland, is also the data controller within the meaning of the General Data Protection Regulation (GDPR), in addition to us.

Data protection officer of Facebook

You can contact the data protection officer of Meta by means of the contact form provided by Meta at https://www.facebook.com/help/contact/540977946302970. The data controller is the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of personal data. When you access an Instagram page, the IP address assigned to your device is transmitted to Instagram/Facebook. According to Facebook, this IP address is anonymised (in the case of "German" IP addresses) and deleted after 90 days. Facebook also stores information on its users' devices (e.g. as part of the "Login Notification" feature); this may enable Facebook to assign IP addresses to individual users. If you are currently logged in to Instagram as a user, there will be a cookie with your Instagram ID on your device. This enables Facebook to track your visit to this page and how you used it. This also applies to all other Instagram pages. Instagram buttons integrated into websites enable Facebook to record your visits to these websites and assign them to your Instagram profile. Content or advertising can be tailored to you based on this data.

If you do not want this, you should log out of Instagram and Facebook or deactivate the "Stay signed in" feature, delete the cookies on your device and close and reopen your browser. This will delete Instagram and Facebook information that could identify you directly. This allows you to use our Instagram page without disclosing your ID. If you access interactive features on the page (like, comment, share, news, etc.), a login mask will appear. If you log in, you will once again be identifiable by Instagram as a specific user.

Data processing when you contact us

We collect personal data ourselves, for example when you contact us by means of a contact form. Which data we record when contacted via contact form is apparent from the contact form itself. This data is stored and used exclusively for the purpose of responding to you or making contact with you and for the associated technical administration. The legislative basis for processing the data is our legitimate interest in responding to your query or concern, in accordance with Art. 6 (1)(f) GDPR. If you made contact with us with the intent of concluding a contract, the legislative basis additionally is Art. 6 (1)(b) GDPR. After your query has been fully processed, your data is deleted, insofar as no legal retention requirements apply. We assume that the processing has been concluded once the circumstances indicate that the matter in question has been clarified in full.

Data processing for execution of a contract

If you make contact with us via Instagram for the purpose of entering into a contract for delivering goods/services with us, we additionally process the data you submit in this context as follows in the event of a contract conclusion:

In the course of the payment processing, we provide your payment data to the commissioned credit institute, insofar as this is required for the payment processing. Here the legislative basis for forwarding the data is Art. 6 (1)(b) GDPR.

In the case of contracts for the delivery of goods, we provide the personal data we have collected to the transport company commissioned with delivering the goods within the scope of the contract processing, insofar as this is required for the delivery of the goods.

Rights of the data subject

The applicable data protection law grants you as data subject comprehensive rights (rights of access and intervention) vis-à-vis the data controller with regard to the processing of your personal data, which we inform you about below:

Right of access in acc. with Art. 15 GDPR;

Right to rectification in acc. with Art. 16 GDPR;

Right to erasure in acc. with Art. 17 GDPR;

Right to restriction of processing in acc. with Art. 18 GDPR;

Right to notification in acc. with Art. 19 GDPR;

Right to data portability in acc. with Art. 20 GDPR;

Right to withdraw consent in acc. with Art. 7 (3) GDPR;

Right to lodge a complaint in acc. with Art. 77 GDPR.

 

Right to object

If, within the framework of a balancing of interests, we process your personal data on the basis of our overriding legitimate interest, you have the right to object to this processing with effect for the future at any time for reasons arising from your particular situation. If you make use of your right to object, we stop the processing of the data concerned. However, we reserve the right to perform further processing if we can demonstrate compelling legitimate grounds that outweigh your interests, fundamental rights and freedoms, or if the processing is required for the purpose of establishing, exercising or defending legal claims.

If we process your personal data for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerned for the purpose of such marketing. You can exercise your right to object as described above. If you make use of your right to object, we stop the processing of the data for the purpose of direct marketing.

Storage duration for personal data

The storage duration of personal data depends on the applicable legal retention period (e.g. retention periods stipulated by commercial and tax legislation). After the period has expired, the data concerned is deleted routinely insofar as it is no longer required for the purpose of initiating or executing a contract and/or we no longer have a legitimate interest in storing the data. We as the provider of the information service do not collect or process any data resulting from your use of our service. The full data policies of Instagram can be found here: help.instagram.com/519522125107875/

Google Analytics 4

If you have given your consent, this website uses Google Analytics 4, a web analytics service provided by Google LLC. The responsible party for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google").

Scope of processing

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by means of the cookies about your use of this website is generally transferred to a Google server in the USA and stored there.

With the help of the user ID, we can assign a unique, permanent ID to one or more sessions (and the activities within these sessions) and analyse user behaviour across devices.

Google Analytics 4 has IP address anonymisation enabled by default. Due to IP anonymisation, your IP address will be shortened by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there. According to Google, the IP address transmitted by your browser in the context of Google Analytics will not be merged with other Google data. During your website visit, your user behaviour is recorded in the form of "events". Events can be:

  • Page views
  • First visit to the website
  • Start of session
  • Your "click path", interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links 
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Seen/clicked ads
  • Language setting

The following is also recorded:

  • Your approximate location (region)
  • Your IP address (in shortened form)
  • Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
  • Your internet service provider
  • The referrer URL (via which website/advertising medium you came to this website)

Purposes of processing

Acting on behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics serve to analyse the performance of our website and the success of our marketing campaigns.

Recipients

Recipients of the data are/may be

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor under Art. 28 GDPR)
  • Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
  • Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

It cannot be ruled out that US authorities may access the data stored by Google.

Third country transfer

Insofar as data is processed outside the EU/EEA and there is no level of data protection corresponding to the European standard, we have concluded EU standard contractual clauses with the service provider to establish an appropriate level of data protection. The parent company of Google Ireland, Google LLC, is based in California, USA. A transfer of data to the USA and access by US authorities to the data stored by Google cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU/EEA. You may not be entitled to any legal remedies against access by authorities.

Duration of storage

The data sent by us and linked to cookies are automatically deleted after 14 months. The deletion of data whose retention period has been reached occurs automatically once a month.

Legal basis

The legal basis for this data processing is your consent pursuant to Art. 6 (1)(1)(a) GDPR [If relevant: Art. 49a GDPR].

Withdrawal of consent

You can revoke your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. To do so, please click on the "Cookie Settings" button at the bottom of the page. The lawfulness of the processing carried out on the basis of the consent until the revocation remains unaffected.

You can also prevent the storage of cookies from the outset by setting your browser software accordingly. However, if you configure your browser to reject all cookies, this may result in a restriction of functionalities on this and other websites. In addition, you may prevent the collection by Google of the data generated by the cookie and relating to your use of the website (including your IP address) as well as the processing of this data by Google by

a. not giving your consent to the setting of the cookie or

b. downloading and installing the browser add-on to disable Google Analytics HERE.

For more information on Google Analytics' terms of use and Google's privacy policy, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=us.

wolfcraft GmbH Privacy Policy for the Whistleblowing System

Introduction

It is very important to us that personal data is handled carefully and in compliance with the law. This is particularly the case for data submitted in reports to the whistleblowing system. This applies both to the email inbox and to our web-based application. The following information sets out how we handle your personal data submitted in reports to the whistleblowing system for the purpose of preventing violations of applicable law or company guidelines (e.g. fraud or corruption as well as other criminal offences) and/or enabling detection of such violations.

The term personal data means all information that refers to an identified or identifiable natural person (hereinafter "data subject"). Personal data therefore includes a person's first name and surname, address, date of birth, email addresses and telephone numbers.

Purposes of processing personal data

wolfcraft GmbH processes the following types of personal data among others within the context of entry and processing of reports in the whistleblowing system:

  • Information that personally identifies the whistleblower, such as first name and surface, gender, address, telephone number and email address.
  • Employee relationship to wolfcraft GmbH.
  • Information about data subjects, i.e. natural persons identified in a report as someone who has committed the violation or with whom the identified person is associated. Such information includes first name and surname, gender, address, telephone number and email address or other information that enables identification.
  • Information about violations that may allow identification of a natural person.

wolfcraft GmbH processes the personal data for the purpose of investigating the reports in order to prevent or detect violations of applicable law or company guidelines and/or take follow-up actions (such as measures to assess the veracity of the claims made in the report and if applicable to take action against the reported violation, including through internal inquiries, investigations, prosecutions, measures for (re)recovery of funds or closure of the proceedings).

Legal basis

  • We only process information that personally identifies the whistleblower if the whistleblower has consented to this as per Article 6 (1) (a) GDPR. According to this, processing is only legitimate if the data subject has consented to the processing of the personal data concerning them for one or more specific purposes.
  • We process information on the employee relationship, information on data subjects and other information that can identify natural persons on the basis of Article 6 (1) (f) GDPR. According to this, processing is legitimate if it is required in order to maintain the legitimate interests of the controller or a third party, except in cases where the interests or basic rights and basic freedoms of the data subject that call for their personal data to be protected are overriding.

We have a justified interest – depending on the specific individual case to be examined – in the processing of reports in order to be able to take follow-up actions, such as measures to assess the veracity of the claims made in the report and if applicable to take action against the reported violation, including through internal inquiries, investigations, prosecutions, measures for (re)recovery of funds or closure of the proceedings. The question of whether our interests are incompatible with the interests or basic rights and basic freedoms of the data subject will be examined in the individual case – including also with a view to the violation.

Where appropriate, we process personal data of employees on the basis of Section 26 (1) (2) of the German Federal Data Protection Act. According to this, personal data of employees for the purpose of Section 26 (8) of the German Federal Data Protection Act may be processed for the detection of criminal acts if factual indications to be documented give rise to the suspicion that the data subject in the employment relationship has committed a criminal act, that processing is necessary to detect it and that the legitimate interest of the employee(s) in the exclusion of the processing is not overriding, in particular, the nature and extent are not disproportionate in respect of the occasion.

Your rights

You have the following rights in relation to us with regard to the personal data concerning you:

Right of access (Article 15 GDPR)

Right to rectification (Article 16 GDPR) or erasure (Article 17 GDPR)

Right to restriction of processing (Article 18 GDPR)

Right to data portability (Article 20 GDPR)

Right to object to processing (Article 21 GDPR)

In addition, we would like to inform you, as a whistleblower, about your right to withdraw your consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent until the withdrawal.

You can exercise your rights by, among other things, sending an email to the following email address: datenschutz@wolfcraft.com

In addition, you have the right to make a complaint to a data protection supervisory authority regarding the processing of your personal data by us. You can contact the supervisory authority for our headquarters for this. You will find the address at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.htm

 General information on the recipients or categories of recipients

The personal data that is processed in the context of a report is processed by Trusty AG, Riedstrasse 7, 6330 Cham, Switzerland, on behalf of and in accordance with the instructions of wolfcraft GmbH in accordance with Article 28 GDPR.

Personal data is only transmitted to third parties if there is a legal basis for doing so. In particular, this is the case if the transmission serves the fulfillment of legal requirements according to which we are obliged to provide information, report or pass on data, if you have given us your consent for this, or if it is justified by a weighing of interests. 

In addition, external service providers, such as external data centres or telecommunications providers, for example, process personal data on our behalf as a data processor.

Depending on the focus of responsibility of the report as well as for effective initiation of follow-up actions, the personal data will be passed on to our responsible specialist departments if necessary. We may also share the personal data with national emergency management and or law enforcement authorities, other responsible authorities and/or persons who are bound to secrecy (e.g. auditors/solicitors).

General information on the retention period

As a general rule, data is stored until the follow-up actions are complete. As a rule, the report documentation is to be deleted three years after completion of the proceedings under the German Whistleblower Protection Act, unless the initiation of further legal steps necessitates its continued storage (e.g. initiation of criminal or disciplinary proceedings).

Personal data in connection with reports is deleted by us immediately if we consider them to be factually baseless.

Information in accordance with Article 13 (2) (e) GDPR

The provision of data about a report is neither contractually required nor necessary for conclusion of a contract. Depending on an individual case, there may be a statutory obligation to submit a report to us. However, processing of the data is necessary for meaningful processing and investigation of the report.

Privacy Policy for Business Partners and Their Contact Persons

With this privacy notice, wolfcraft GmbH, Wolffstrasse 1, 56746 Kempenich is complying with its legal obligation to provide information according to Art. 13 of the General Data Protection Regulation (GDPR) with respect to processing of personal data of interested parties and other business partners. In the following, we explain which of your personal data we process and how, as per our privacy policy. Please contact us if you have any further questions.

Personal data

Personal data consists of all information that refers to an identified or identifiable natural person. A natural person shall be regarded as identifiable providing they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an ID number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economical, cultural or social identity of that natural person. This includes, for example, information such as name, address, telephone number, email address and bank details.

Purpose of processing the personal data, legal bases

Processing of personal data occurs in all operations executed with or without the aid of automated processes or in all series of operations in connection with personal data. Data processing can be seen in particular in the collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction of personal data.

We process personal data according to the specifications and prerequisites set out below as part of automated processing and always with a relevant legal basis. We process your data in particular for the purpose of performance of a contract or in order to take steps prior to entering into a contract, for example contract initiation measures. As a rule, the legal basis that applies is Art. 6(1)(1)(b) GDPR (“necessary for the performance of a contract”).

We process the following data:

Interested parties and other business partners:

  • Personal data / contact data (e.g. first name, last name, company (if applicable), address, mobile/phone/fax number, email)
  • Communication data in connection with correspondence (emails, letters)

Customers:

  • Personal data / contact data (e.g. first name, last name, company (if applicable), mobile/phone/fax number, email, address)
  • Contract and accounting data (e.g. bank details, ordered goods, invoicing data)
  • Communication data in connection with correspondence (emails, letters)
  • Credit checks

 

Suppliers and service providers:

  • Personal data / contact data (e.g. first name, last name, company, mobile/phone/fax number, e-mail, address)
  • Contract and accounting data (e.g. bank details, ordered goods, invoicing data)
  • Communication data in connection with correspondence (emails, letters)

With respect to compliance with legal obligations, Art. 6(1)(1)(c) GDPR is the relevant legal basis.

Additionally, data processing may take place in the pursuit of our legitimate interests, in acc. with Art. 6(1)(1)(f) GDPR. A legitimate interest exists when we have an economic, legal or intellectual interest, provided that it is not overridden by your legitimate interests.

When no legal basis applies, your personal data is processed if you give your express consent in accordance with Art. 6(1)(1)(a) GDPR in conjunction with Art. 7 GDPR. Non-provision or withdrawal of such consent does not affect the option of performing data processing on the basis of statutory enabling provisions, in particular Art. 6(1)(1)(b) GDPR (“necessary for the performance of a contract”), Art. 6(1)(1)(c) GDPR (“legal obligation”), as well as Art. 6(1)(1)(f) GDPR (“legitimate interest”). Your declaration of consent is voluntary. Non-provision or withdrawal of consent does not pose any disadvantage to you. You may request to view the record of your consent and withdraw your consent by e-mail or post at any time. Withdrawing consent does not affect the lawfulness of the processing that has taken place up to the point in time at which the withdrawal occurred. You will find our contact data above.

In some cases, we use external service providers to process your data. These have been carefully selected by us and commissioned, are bound by our instructions and subject to regular inspections. The requirements of Art. 28 GDPR have been observed.

Data recipients

Recipients of personal data are service providers or contractors, such as computer centre service providers, IT partners, banks document shredders etc., that we commission and that process the personal data on our behalf. We contractually oblige these processors to maintain professional secrecy and comply with the provisions of the GDPR, in particular Art. 28 GDPR, as well as the German Data Protection Act (BDSG).

Information on transfer to a third country

We do not transfer any personal data to a third country. Third countries are countries that are not members of the European Union.

Marketing

Wolfcraft intents to potentially process the data that you provided or we collected for marketing purposes. In this case, the legislative basis is Art. 6(1)(1)(f) GDPR (“legitimate interest”). Such a legitimate interest in acc. with the GDPR recitals exists in particular with regard to direct marketing (Recital 47(7)). The term 'direct marketing' refers to a provider – in this case, us – directly communicating with a consumer with the aim of promoting the sales of services, for example. The marketing is performed by post, electronically (e-mail), by SMS/MMS or by phone. The requirements of Section 7 UWG (German Act against Unfair Competition) are of course observed. The marketing measures include in particular newsletters, info letters, announcements and invitations to Wolfcraft events. You may at any time object to the processing of your personal data for the purpose of marketing. The relevant contact data can be found above and at the end of this privacy notice. In this case, your personal data will not be processed for marketing purposes any more and will be deleted from the marketing distribution lists.

Processing duration

We store personal data in accordance with a general erasure concept that applies for us. Following this concept, personal data is assigned to an erasure class. In this erasure class, retention periods and standard erasure periods are assigned to the personal data. After the standard erasure periods have expired, the personal data is erased.

The maximum length of time the data will be stored depends upon the purpose for which the data is being processed, for instance compliance with statutory retention periods (such as retention obligations stipulated by commercial and taxation laws, e.g. up to ten years in accordance with Section 257 Handelsgesetzbuch (German Commercial Code), Section 147 Abgabenordnung (German Fiscal Code).

Security/technical and organisational measures

We shall undertake all the necessary technical and organisational measures while taking into account the regulations in Art. 24, 25 and 32 GDPR in order to protect your personal data from loss, destruction, access, modification or dissemination by unauthorised persons and misuse. In this way we are observing the legal requirements for the pseudonymisation and encryption of personal data, for confidentiality, integrity, availability and resilience of systems and services in relation with the processing, availability of personal data and ability to restore this quickly in case of a physical or technical incident as well as to set up procedures for regular checking, assessment and evaluation of the effectiveness of these technical and organisational measures to guarantee security of processing. Furthermore we are also observing the requirements of Art. 25 GDPR with respect to the principles of "privacy by design" and "privacy by default".

Your rights

You have a right to access information about your personal data free of charge (Art. 15 GDPR) and, if the legal requirements are met, a right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR) of your data, to restriction of processing (Art. 18 GDPR), to data portability (Art. 20 GDPR) and to a right of objection (Art. 21 GDPR).

If we base the processing of your personal data on the balancing of interests, you may object to its processing. This will be the case if, in particular, processing is not required in order to fulfil a contract with you. If you decide to exercise such an objection, we will ask you to explain the reasons why we should not process your personal data as we have done. If your objection is legitimate, we shall examine the situation and shall either discontinue or modify the way we process the data or provide you with our compelling legitimate reasons for continuing with processing.

In as far as the processing of your personal data is based on Art. 6(1)(a) GDPR (consent) or Art. 9(2) GDPR in the context of special categories of personal data, in other words if the processing is based on the permission of the data object, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

You can assert these rights either directly against us or against our data protection officer. You will find the respective contact data above.

You can also submit a complaint to the responsible supervisory authority:

Landesbeauftragte für den Datenschutz und Informationsfreiheit Rheinland-Pfalz

Hintere Bleiche 34

55116 Mainz, Germany

Provision of personal data

Our company offers various services for which the basis is a contract concluded between you as data subject and our company (e.g. purchase agreement). Here you are obliged to provide certain personal data. We require this data for the performance of the contract (e.g. address, payment information). If this data is not provided, it is not possible to conclude contracts with our company.

Automated decision-making and profiling

Our company does not take any measures that involve automated decision-making on a case-by-case basis or individual profiling (e.g. information on the preferences or conduct of the data subject) within the meaning of Art. 22 GDPR.

Contact Details of the Data Protection Officers

In case of questions regarding the processing of your personal data and questions about the above rights as well as the assertion of these rights and suggestions, please contact us or our external data protection officers:

DORNBACH GmbH Rechtsanwaltsgesellschaft

Anton-Jordan-Strasse 1 

56070 Koblenz, Germany

Contact:

Dr Alexander Birkhahn

Tel.: +49 (0) 261 9431 134

Mr Rouven Beck

Tel.: +49 (0) 681 89197 1002

Email: datenschutz@remove-this.wolfcraft.com