We are pleased that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to inform you at this point which of your personal data we collect when you visit our website and for what purposes it is used. Personal data is individual information about personal or factual circumstances of a specific or identifiable natural person (data subject), e.g. name, address, e-mail addresses, user behaviour. This is data with which we can identify you. In addition, you will also find information on data processing processes outside of this website (e.g. video conferences or newsletters).

‍

Person responsible for data processing

Responsible

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

WestWood Kunststofftechnik GmbH
An der Wandlung 20
32469 Petershagen
DE
+49 5702 8392-0
info@westwood.de

‍

Data Protection Officer

exkulpa gmbh
Waldfeuchterstr. 266
52525 Heinsberg
Phone: 02452 / 99 33 11
E-mail: datenschutz(at)westwood.de

‍

General

This privacy statement complies with the legal requirements for transparency in the processing of personal data. This is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting a website. Information for which we cannot (or can only with disproportionate effort) establish a link to your person, e.g. through anonymisation, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data are deleted as soon as the purpose of the processing has been achieved and there are no legitimate grounds for further retention of the data. We will inform you in the individual processing operations about the specific storage periods or criteria for storage. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and if there are statutory retention obligations.

‍

Information according to Art. 13 GDPR

This information is intended for customers, interested parties, suppliers and employees. Your personal data will be processed by us for the following purposes:

• To fulfil our contractual obligations to you (Art. 6 para. 1 lit. b GDPR).
• To carry out pre-contractual obligations (Art. 6 para. 1 lit. b GDPR).
• To respond to enquiries (Art. 6 para. 1 lit. b GDPR).
• If you have given us your consent to process your personal data for certain purposes (for example, to receive our newsletter), the data processing is based on your consent (Art. 6 para. 1 lit. a GDPR).
• To fulfil legal obligations to which our company is subject (Art. 6 para. 1 lit. c GDPR).
• To the extent necessary, we also process your data to protect our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes or to ensure IT security, to consult and exchange data with credit agencies to determine creditworthiness and default risks, for direct advertising and market research insofar as you have not objected to the use of your data for this purpose, for measures to manage business and further develop services and products, for measures to optimise products and sales, for measures to manage risk, to prevent or investigate criminal offences (Art. 6 para. 1 lit. f GDPR).

‍

Categories of recipients of personal data
Within our company, only those employees have access to the data who absolutely need it to perform their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected service providers who are based within the EEA and who comply with data protection regulations. If service providers commissioned by us receive access to personal data when performing your services, order processing agreements have been concluded with them in accordance with Art. 28 (3) GDPR.

‍

Duration of data storage
The data processed by us is stored for the duration of the existence and processing of the contractual relationship and in compliance with statutory retention periods. These are, in particular, retention obligations under commercial and tax law in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular retention and documentation periods are up to ten years. If there is no contractual relationship, we only process the data for as long as the specific purpose requires.

‍

Your data subject rights
As a data subject, you have the following rights with regard to the personal data concerning you:

• Right to information about the data we process about you.
• Right to rectification or deletion if incorrect, out of date or unlawfully collected by us.
• Right to restriction of processing if complete deletion is not possible, e.g. because we have to comply with statutory retention obligations.
• Right to object to processing where the data processing is based on a balance of interests (the so-called legitimate interest), as described above under "Purpose of the processing". This is the case if the processing is in particular not necessary for the performance of a contract with you. When exercising your right to object, we ask you to explain the reasons why we should not process your data as we have done.

‍

Of course, you can also object to the processing of your personal data for advertising purposes at any time. To do so, send your objection to our address given in the imprint or write us an e-mail to the address given in the imprint.

• Right of revocation if you have given us consent to process your data. You can assert your right of revocation against our company at any time without giving reasons. To do so, please contact us at the address given in the imprint.
• In addition, you have the right to complain to a data protection supervisory authority about the processing of your personal data by our company.

‍

If you have any questions regarding data protection, please contact us by e-mail at the address given in the imprint.

‍

Cookies

Cookies are small text files that are sent by us to the browser of your end device when you visit our website and are stored there. As an alternative to the use of cookies, information can also be stored in the local storage of your browser. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, however, enable us to carry out various analyses, so that we are able, for example, to recognise the browser you are using when you visit our website again and to transmit various information to us (non-essential cookies). With the help of cookies, we can, among other things, make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programs or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information on the cookies used can be found in the cookie settings or in the Consent Manager of this website.

‍

Your rights

Under the conditions of the statutory provisions of the General Data Protection Regulation (GDPR), you have the following rights as a data subject:

• Information pursuant to Art. 15 GDPR on the data stored about you in the form of meaningful information on the details of the processing as well as a copy of your data;
• Correction according to Art. 16 GDPR of incorrect or incomplete data stored by us;
• Deletion pursuant to Art. 17 GDPR of the data stored by us, insofar as the processing is not necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;
• Restriction of processing pursuant to Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you object to their deletion because you need them for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 GDPR.
• Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6 Para. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 Para. 1 lit. b GDPR and these have been processed by us with the aid of automated procedures. You will receive your data in a structured, common and machine-readable format or we will transfer the data directly to another responsible party, insofar as this is technically feasible.
• Objection according to Art. 21 GDPR against the processing of your personal data, insofar as this is carried out on the basis of Art. 6 Para. 1 lit. e, f GDPR and there are reasons for this which arise from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding compelling legitimate grounds for the processing can be demonstrated or the processing is carried out for the assertion, exercise or defence of legal claims. Where the right to object does not exist for individual processing operations, this is indicated there.
• Revocation pursuant to Art. 7 (3) GDPR of your consent with effect for the future.
• Complain to a supervisory authority pursuant to Art. 77 GDPR if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

‍

Data processing in detail

In the following, we inform you about the individual processing operations, the scope and purpose of the data processing, the legal basis, the obligation to provide your data and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

‍

Provision of the website

When you call up and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which the access is made (referrer URL)
• Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.

‍

Our website is not hosted by ourselves, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for the purpose of providing the website.

The hoster is used for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR).

We use the following hoster:

IONOS SE
Elgendorfer Str. 57
56410 Montabaur

‍

Contact form

Nature and scope of the processing

When you send us enquiries (e.g. via contact form, e-mail or telephone), we store all data resulting from this (e.g. name, e-mail address, subject of the enquiry, etc.). We need this data to process your enquiry and to be able to answer follow-up questions. We do not pass on this data without your consent.

‍

Purpose and legal basis

The processing of this data is based on Art. 6 (1) lit. b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if you have given it beforehand.

‍

Storage period

The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your enquiry). Mandatory legal provisions - in particular retention periods - remain unaffected.

‍

Presence on social media platforms

Data processing by social networks

We operate publicly accessible profiles on social networks. You can find the social networks we use in detail below.

Social networks such as Facebook, Twitter etc. can generally analyse your user behaviour extensively. By visiting our social media presences, the following data protection-relevant processing operations are triggered:

If you are logged into your social media account and visit our profile, the operator of this social medium can track this visit. Independently of this, the operator may also process your data (e.g. IP address) under certain circumstances if you are not logged into your account or you do not have an account at all.

The operator summarises this data in user profiles in which your preferences and interests are stored. These profiles are used to display personalised advertising inside and outside the respective social media presence. If you have an account with the respective social network, the personalised advertising can be displayed on all devices on which you are or were logged in.

Depending on the platform, further processing operations may be carried out by the operators of the social media portals; we have no influence on this. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

‍

Legal basis

Our social media presences are intended to ensure the most comprehensive possible presence on the internet within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes carried out by the operators of the social networks may be based on different legal bases, which are to be specified by the respective providers.

‍

Responsible person and assertion of rights

If you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. Facebook).

Despite the joint responsibility with the social media portal operators, we have no full influence on the data processing procedures of the portals. Our options are largely determined by the corporate policy of the respective provider.

‍

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of the data collected by the social networks. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

‍

Instagram page

Our company has a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For further information on the handling of your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.

The company is certified according to the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA, which aims to ensure compliance with European data protection standards for data processing in the USA. Certification under the DPF obliges companies to comply with these data protection standards. You can find more information at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnywAAC&status=Active

‍

LinkedIn page

Our company has a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you would like to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For further information on the handling of your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

‍

AWS CloudFront

Nature and scope of the processing

We use AWS CloudFront to properly deliver the content on our website. AWS CloudFront is a service provided by Amazon Web Services, Inc. which acts as a Content Delivery Network (CDN) on our website.

A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Amazon Web Services, Inc., whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed solely for the above purposes and to maintain the security and functionality of AWS CloudFront.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the U.S. takes place in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no European Commission adequacy decision exists (including U.S. companies that are not certified under EU-U.S. DPF), we have agreed with the recipients of the data on otherwise appropriate safeguards within the meaning of Art. 44 et seq. GDPR. These are - unless otherwise stated - standard contractual clauses of the EU Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 Para. 1 Sentence 1 lit. a. GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be unknown risks in detail (e.g. data processing by security authorities of the third country, the exact scope of which and its consequences for you we do not know, over which we have no influence and of which you may not become aware).

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Amazon Web Services, Inc. Further information can be found in the privacy policy for AWS CloudFront: https://aws.amazon.com/de/privacy/.

‍

Cookiebot

Nature and scope of the processing

Our website uses the consent technology of Cookiebot to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot").

When you enter our website, a connection is established to the servers of Cookiebot in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser in order to be able to allocate the consents granted to you or their revocation.

‍

Purpose and legal basis

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 para. 1 lit. c GDPR.

‍

Storage period

The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

‍

Job processing

We have concluded a contract on order processing (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Cookiebot CDN

Nature and scope of the processing

We use Cookiebot CDN to properly deliver the content of our website. Cookiebot CDN is a service provided by Cybot A/S, which acts as a content delivery network (CDN) on our website to ensure the functionality of other Cybot A/S services. For said services you will find a separate section in this privacy policy. This section only deals with the use of the CDN.

A CDN helps to provide content of our online offer, in particular files such as graphics or scripts, more quickly with the help of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark, whereby your IP address and possibly browser data such as your user agent are transmitted. This data is processed exclusively for the purposes mentioned above and to maintain the security and functionality of Cookiebot CDN.

Purpose and legal basis

The use of the Content Delivery Network is based on our legitimate interests, i.e. interest in a secure and efficient provision and optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. GDPR.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Cybot A/S. Further information can be found in the privacy policy for Cookiebot CDN: https://www.cookiebot.com/de/privacy-policy/.

‍

Google Analytics

Nature and scope of the processing

We use Google Analytics services and functions on this website, which are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google Analytics, we as website operators can determine how our website is used. As part of the analysis, we find out how often our website is accessed, how long visitors stay on the page and which devices or systems they use to access the website. In addition, we may use Google Analytics to track your mouse movements and clicks. This information may be stored and used by Google to build a profile about you. In doing so, Google Analytics uses machine learning technologies to analyse and supplement your data. Furthermore, Google Analytics uses technologies to recognise website visitors in order to analyse user behaviour. The processing of the collected data usually takes place on Google servers in the USA.

‍

Purpose and legal basis

When using Google Analytics, we rely on Art. 6 (1) lit. f GDPR as the legal basis for the storage and analysis of personal data, as we have a legitimate interest in analysing the use of our website. This enables us to optimise our online presence and offers for you. If you have previously given your consent to the processing of data on this website by Google Analytics, the processing of your data takes place solely on the legal basis of Art. 6 (1) lit. a GDPR. You can revoke your consent at any time.

The transfer of your personal data to the USA is based on the standard contractual clauses of the EU Commission. You can find more information on this at https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

When using Google Analytics on this website, we use a function whereby Google shortens your IP address before it is transmitted to Google servers in the USA. This only happens if you are in the European Union or in a country of the European Economic Area. Your full IP address will only be transmitted to the USA in exceptional cases and then shortened there. Google Analytics uses this information to track how you use our website. Your IP address will not be merged with any other data held by Google.

Browser plugin

You can prevent Google from collecting and processing data about you. To do this, you must download the browser plugin at https://tools.google.com/dlpage/gaoptout?hl=de and install it in your browser.

You can find more information on the processing of user data in the Google Analytics privacy policy at https://support.google.com/analytics/answer/6004245?hl=de.

Job processing

When using Google Analytics, we comply with the strict regulations of the German data protection authorities, as we have concluded an order processing contract with Google.

Storage period

Google stores data linked to cookies, user IDs or advertising IDs. This data is stored for two months and then anonymised or deleted. You can find more information about the storage period or the deletion of your data at https://support.google.com/analytics/answer/7667196?hl=de.

‍

Google CDN

Nature and scope of the processing

We use the content delivery network Google Cloud CDN. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

A CDN enables us to deliver some content quickly, especially large media files. This is done via a network of regionally distributed servers connected via the internet.

Purpose and legal basis

The use of Google Cloud CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f GDPR).

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://cloud.google.com/terms/eu-model-contract-clause.

You can find more information about Google Cloud CDN here: https://cloud.google.com/cdn/docs/overview?hl=de.

Job processing

To ensure that personal data is processed according to our specifications and in compliance with the GDPR, we have concluded a contract on commissioned processing (GCP) with the provider.

‍

Google Fonts

Nature and scope of the processing

This website uses web fonts for the uniform display of fonts. These are provided by Google. Your browser loads the required web fonts into your browser cache when you call up the page so that texts and fonts are displayed correctly. For this purpose, the browser you are using establishes a connection to Google's servers. Google thereby gains knowledge of your IP address.

If your browser does not support web fonts, a standard font from your computer will be used.

You can find more information about Google Web Fonts here: https://developers.google.com/fonts/faq.

You can find Google's privacy policy here: https://policies.google.com/privacy?hl=de.

‍

Purpose and legal basis

The use of Google Web Fonts is based on our legitimate interest in a uniform presentation of the typeface of our website (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested (e.g. consent to the storage of cookies), the data is processed exclusively on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. This can be revoked at any time.

‍

Google Tag Manager

Nature and scope of the processing

We use services and functions from Google Tag Manager on this website, which are offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to use other tools on our website. It does not create user profiles, it does not store cookies and it does not perform independent analysis. However, it does collect your IP address and may transmit it to the US. The Google Tag Manager itself is only used to manage these tools that are integrated through it.

‍

Purpose and legal basis

When using the Google Tag Manager on this website, we rely on Art. 6 (1) lit. f GDPR as the legal basis, as we have a legitimate interest in implementing and directing tracking tools on this website easily and quickly. If you have previously given your consent to data processing on this website by Google Tag Manager, the processing of your data will take place solely on the legal basis of Art. 6 (1) lit. a GDPR. You can revoke your consent at any time.

‍

Google reCAPTCHA

Nature and scope of the processing

This website uses Google reCAPTCHA. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of reCAPTCHA, the data entry (e.g. in a contact form) on this website is to be checked. Specifically, whether this is done by a human or by an automated programme. Google reCAPTCHA analyses the behaviour of the visitor to the website on the basis of various characteristics. The analysis begins automatically as soon as the visitor calls up the website. The data collected during the analysis, such as the IP address, the time spent on the website by the visitor or the mouse movements made, are forwarded to Google.

Visitors to the website are not informed that an analysis is taking place, these run completely in the background.

You can find Google's privacy policy and terms of use at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.

‍

Purpose and legal basis

The storage and analysis of the data is based on our legitimate interest in protecting our web offers from abusive automated spying and from SPAM (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the data is processed exclusively on the basis of your consent in accordance with Art. 6 Para. 1 lit. a GDPR. This consent can be revoked at any time.

‍

Webflow

Nature and scope of the processing

Our website was created using the Webflow website building system. Webflow is a service of Webflow, Inc. and offers web development technology, web design and layout tools, domain hosting and other applications for marketing and workflow management.

We use Webflow, among other things, for web hosting and the presentation of our website. In addition, Webflow collects statistical data about visits to our website.

The following data is usually transmitted: the website accessed, the date and time of access, the volume of data transmitted, whether a request was successful, the browser type and version, the user's operating system, the website previously visited (referrer) and the IP address.

These log data are processed exclusively for the above-mentioned purposes, as well as for maintaining the security, functionality and optimisation of the Webflow offer.

‍

Purpose and legal basis

The use of the service is based on our legitimate interests, i.e. interest in a secure and efficient provision, as well as the optimisation of our online offer pursuant to Art. 6 para. 1 lit. f. GDPR.

‍

Storage period

The concrete storage period of the processed data cannot be influenced by us, but is determined by Webflow, Inc. Further information can be found in the data protection declaration for Webflow: https://webflow.com/legal/privacy.

‍