Privacy Policy

We are delighted that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you about which of your personal data we collect when you visit our website and for what purposes it is used. Personal data refers to individual details about the personal or factual circumstances of an identified or identifiable natural person (data subject), e.g. name, address, email addresses, user behaviour. This is therefore data that we can use to identify you. In addition, you will also find occasional information here about data processing procedures outside this website (e.g. video conferences or newsletters).

Responsible for data processing

Data controller

For the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

WestWood® Kunststofftechnik GmbH
An der Wandlung 20
32469 Petershagen
Telephone: +49 5702 8392-0
Email: info@westwood.de

Data protection officer

exkulpa gmbh
Waldfeuchterstr. 266
52525 Heinsberg
Telephone: +49 2452 / 99 33 11
Email datenschutz@westwood.de

General information

In addition to the data that you actively provide to us on this page (e.g. via our contact form), we collect some technical data. This so-called metadata is automatically transmitted from your computer to our servers as soon as you enter our website (including browser, operating system or timestamp). We use this data to ensure that our website is displayed correctly. In addition, we may collect data via integrated third-party providers (e.g. for external media such as map services or analysis tools). We will explain the individual purposes and legal bases in the course of this privacy policy.

Retention period

Unless a separate storage period is specified in this privacy policy, we will store your personal data for as long as the purpose of the data processing at exists. If you contact us with a legitimate request for deletion or revoke your consent, we will delete your data. Statutory retention obligations remain unaffected.

Legal basis for data processing

If you have consented to data processing, your personal data will be processed on the basis of Art. 6 (1) (a) GDPR or Art. 9 (2) (a) GDPR if special categories of data are processed in accordance with Art. 9 (1) GDPR. If you have expressly consented to the transfer of personal data to third countries, the data will also be processed in accordance with Art. 49(1)(a) GDPR. If you have consented to the storage of cookies or access to information on your end device (e.g. through device fingerprinting), data processing will also take place on the basis of Section 25(1) TDDDG. Your consent can be revoked at any time. If your data is necessary for the performance of a contract or for the implementation of pre-contractual measures, we process your data in accordance with Art. 6 (1) lit. b GDPR. In addition, we process your data if this is necessary to fulfil a legal obligation, on the basis of Art. 6 (1) lit. c GDPR. Data processing may also take place on the basis of our legitimate interest in accordance with Art. 6 (1) lit. f GDPR. The following sections of this privacy policy will inform you about the respective legal basis in individual cases.

Note on data transfer to third countries and US companies without DPF certification

Please note that we use tools from companies based in third countries or the US that are not covered by the EU-US Privacy Shield Framework (DPF) and where data protection is not guaranteed. When using these tools, your personal data may be transferred to these countries and processed there. Please note that in these third countries, a level of data protection comparable to that in the EU cannot be guaranteed.

We would like to clarify that the USA generally offers a level of data protection comparable to that of the EU. The transfer of data to the USA is permitted if the recipient has DPF certification or provides appropriate additional safeguards. Information about data transfers to third countries, including data recipients, can be found in our privacy policy.

Automated decision-making

Your personal data will not be processed for the purpose of automated decision-making.

Your rights

As a data subject under the General Data Protection Regulation (GDPR), you have the following rights:

• Right of access: You have the right to request confirmation from us as to whether your personal data is being processed and, if so, to receive further information about the processing and copies of the data being processed (Art. 15 GDPR).
• Right to rectification: You have the right to request the immediate rectification of inaccurate personal data concerning you and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).
• Right to erasure: You have the right to request the immediate erasure of personal data concerning you if the legal requirements are met, in particular if the data is no longer necessary for the purposes pursued and the processing is unlawful (Art. 17 GDPR).
• Right to restriction of processing: You have the right to request that we restrict the processing of your personal data if the legal requirements are met, in particular if you dispute the accuracy of the data, the processing is unlawful and you refuse to have it erased (Art. 18 GDPR).
• Right to data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transmit this data to another controller without hindrance from us, provided that this is technically feasible (Art. 20 GDPR).
• Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, if the processing is based on Art. 6(1)(e) or (f) GDPR (Art. 21 GDPR).
• Right to withdraw consent: You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. The withdrawal of your consent does not affect the lawfulness of the processing carried out on the basis of your consent until withdrawal (Art. 7(3) GDPR).
• Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR (Art. 77 GDPR).            

Further data processing procedures

General information obligations

This information is intended for customers, interested parties, suppliers and employees. We process your personal data for the following purposes:

• To fulfil our contractual obligations towards you (Article 6(1)(b) of the GDPR).
• To carry out pre-contractual obligations (Art. 6(1)(b) GDPR).
• To respond to enquiries (Art.6(1)(b) GDPR).
• Where you have given us your consent to process your personal data for specific purposes (such as to receive our newsletter), data processing takes place on the basis of your consent (Art.6(1)(a) GDPR).
• To comply with legal obligations to which our company is subject (Art. 6(1)(c) GDPR).
• Where necessary, we also process your data to safeguard our legitimate interests, in particular to assert legal claims and defend ourselves in legal disputes, or to ensure IT security; to consult with and exchange data with credit reference agencies to assess creditworthiness and default risks; for direct marketing and market research, provided you have not objected to the use of your data for this purpose; in connection with measures for business management and the further development of services and products, in connection with measures for product and sales optimisation, in connection with risk management measures, and for the prevention or investigation of criminal offences (Art. 6(1)(f) GDPR).
  ‍

Categories of recipients of personal data

Within our company, only those employees who absolutely need the data to perform their tasks have access to it (need-to-know principle). Individual processes and services are carried out by carefully selected service providers who are commissioned in accordance with data protection regulations and are based within the EEA. If service providers commissioned by us have access to personal data when performing their services, data processing agreements have been concluded with them in accordance with Art. 28 (3) GDPR.

Duration of data storage

The data we process is stored for the duration of the existence and execution of the contractual relationship and in compliance with statutory retention periods. These are, in particular, commercial and tax law retention obligations under the German Commercial Code (HGB) and the German Fiscal Code (AO). The regular retention and documentation periods are up to ten years. If no contractual relationship is established, we only process the data for as long as the specific purpose requires.

Cookies

Cookies are small text files that are stored by your browser on your device to store certain information during your use of the website. Cookies enable us to improve various aspects of our website and make your visit more convenient.

There are different types of cookies that serve different purposes. Temporary cookies, also known as session cookies, are only stored for the duration of your use of the website and are automatically deleted when you close your browser. Persistent cookies, on the other hand, remain stored on your device for a longer period of time and enable us to recognise you and your preferences when you visit the website again.

Cookies can also be divided into first-party cookies and third-party cookies. First-party cookies are set by our website, while third-party cookies are set by other websites or service providers whose content is integrated into our website, such as plugins or analysis tools.

Cookies are used for various purposes, for example to ensure the functionality of the website, to store user settings, to compile anonymous statistics on user behaviour or to display personalised content and advertising. The legal basis for the use of cookies varies depending on the purpose of the cookies. In some cases, the setting of cookies is based on your legitimate interest pursuant to Art. 6(1)(f) GDPR in order to make our website functional and user-friendly. As a website operator, we have a legitimate interest in storing necessary cookies for the technically error-free and optimised provision of our services. If we obtain your consent for the use of cookies, processing is based on Art. 6 (1) lit. a GDPR in conjunction with § 25 (1) TDDDG. Your consent can be revoked at any time.

Consent with Cookiebot

Our website uses Cookiebot's consent technology to obtain your consent to the storage of certain cookies on your device or to the use of certain technologies and to document this in accordance with data protection regulations. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot").

When you visit our website, a connection is established to Cookiebot's servers in order to obtain your consent and other declarations regarding the use of cookies. A cookie is set in your browser in order to assign and document your consent or revocation. This data is stored until you delete the cookie, request us to delete the data, or the purpose for data processing no longer applies. Statutory retention obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) lit. c GDPR.

Data processing

To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.

Data processing in detail

Below, we provide information on the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective retention period. No automated decision-making, including profiling, takes place in individual cases.
‍

Provision of the website

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the file accessed
• Website from which the access is made (referrer URL)
• The browser used and, where applicable, your computer’s operating system, as well as the name of your internet service provider

Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf for the purpose of providing the website, in accordance with Article 28 of the GDPR.

The use of the hosting provider is for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Article 6(1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online services by a professional provider (Article 6(1)(f) GDPR).

We use the following hosting provider:

IOK GmbH & Co. KG
Brockweg 17
33415 Verl

‍

Contact form

Type and scope of processing

When you send us enquiries (e.g. via the contact form, email or telephone), we store all the data that this generates (e.g. name, email address, subject of the enquiry, etc.). We need this data to process your enquiry and to be able to answer any follow-up questions. We do not pass on this data without your consent.

Purpose and legal basis

The processing of this data is based on Article 6(1)(b) of the GDPR, provided that your enquiry relates to the performance of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Article 6(1)(f) of the GDPR) or on your consent (Article 6(1)(a) of the GDPR) if you have previously given it.

Retention period

The data you enter in the contact form will remain with us until you request its deletion, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. once your enquiry has been processed). Mandatory legal provisions – in particular retention periods – remain unaffected.

‍

Presence on social media platforms

We operate public profiles on various social networks via our website. You can find more detailed information on the social networks we use in the relevant sections of our privacy policy.
‍
Social networks such as Facebook, Twitter and others can comprehensively analyse your user behaviour when you visit their websites or a website with integrated social media content (e.g. ‘Like’ buttons or advertising banners). Visiting our social media pages triggers numerous data processing operations relevant to data protection:
‍
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can link this visit to your user account. However, your personal data may also be collected even if you are not logged in or do not have an account with the relevant social media portal. In this case, data collection takes place, for example, via cookies stored on your device or by recording your IP address.
‍
Using the data collected in this way, the operators of the social media platforms can create user profiles containing your preferences and interests. This enables interest-based advertising to be displayed to you both on and off the respective social media platform. If you have an account with the relevant social network, interest-based advertising may be displayed on all devices on which you are logged in or have been logged in.
‍
Please note that we cannot track all processing activities on social media platforms. Depending on the provider, further processing operations may therefore be carried out by the operators of the social media platforms. For details, please refer to the terms of use and privacy policies of the respective social media platforms.

Legal basis for data processing

Our social media presence serves to ensure the most comprehensive online presence possible. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which must be specified by the operators of the social networks (e.g. consent within the meaning of Article 6(1)(a) of the GDPR.

Data controller and exercising of rights

When you visit our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Duration of data storage

Data collected directly by us via our social media presence will be deleted from our systems as soon as you request us to delete it, withdraw your consent to its storage, or the purpose for storing the data no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.
‍
We have no control over how long your data is stored by the operators of social networks for their own purposes. For further details, please contact the operators of the social networks directly (e.g. via their privacy policy, see below).

Instagram page

Our company has a profile on Instagram. This service is provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The company is certified under the EU-US Data Privacy Framework (DPF), an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Certification under the DPF obliges companies to comply with these data protection standards.

Data transfers to the United States are based on the EU Commission's standard contractual clauses. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 and https://de-de.facebook.com/help/566994660333381.

For further information on how your personal data is handled, please refer to Instagram’s privacy policy: https://help.instagram.com/519522125107875.

LinkedIn page

Our company has a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to adhere to these data protection standards.

Data transfers to the US are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
‍
For further information on how your personal data is handled, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

‍

Services and tools used

AWS CloudFront

Nature and scope of data processing

AWS CloudFront acts as a Content Delivery Network (CDN) on our website, which means it helps us to make content from our online offering – such as graphics or scripts – available quickly and efficiently. When you access this content, a connection is established with the servers of Amazon Web Services, Inc. Data such as your IP address and possibly browser data is transmitted in the process and used exclusively to ensure the security and functionality of AWS CloudFront and to provide the aforementioned content. Further information can be found in the AWS CloudFront privacy policy: https://aws.amazon.com/de/privacy/.

Legal basis

‍We use services and functions from AWS CloudFront on our website, provided by Amazon Web Services, Inc.

We use AWS CloudFront on the basis of Article 6(1)(f) of the GDPR. Our legitimate interest in doing so is to ensure the secure and efficient presentation and provision of our online services.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards.
Data transfers to the USA are based on the EU Commission’s Standard Contractual Clauses. Further details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
Further information on Amazon CloudFront CDN can be found here: https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice__German_Translation.pdf.

Dataprocessing

To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.

‍

Google reCAPTCHA

This website uses Google reCAPTCHA. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

‍Nature and scope of data processing

‍reCAPTCHA is used to verify data entry (e.g. in a contact form) on this website. Specifically, it checks whether the entry is made by a human or by an automated programme. Google reCAPTCHA analyses the behaviour of the website visitor based on various characteristics. The analysis begins automatically as soon as the visitor accesses the website. The data collected during the analysis, such as the IP address, the duration of the website visitor’s stay or the mouse movements made, is forwarded to Google.
Website visitors are not notified that an analysis is taking place; these processes run entirely in the background.

Legal basis

The storage and analysis of the data is based on our legitimate interest in protecting our web services from abusive automated spying and from SPAM (Art. 6(1)(f) GDPR). If consent has been requested, the processing of data takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. This consent may be withdrawn at any time.
You can find Google’s privacy policy and terms of service at the following links: https://policies.google.com/privacy?hl=de and https://policies.google.com/terms?hl=de.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the US that aims to ensure compliance with European data protection standards when processing data in the US. Certification under the DPF obliges companies to comply with these data protection standards. For further information, please visit: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

‍

‍Google API

‍On our website, we use the services and functions of Google APIs, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

‍Nature and scope of data processing

‍Google APIs allow us to access additional services and data from Google. When using these services, your IP address is transmitted to Google Ireland Limited. Please note that we provide specific information in our privacy policy for each additional Google service we use. Further information on Google APIs and data protection can be found in Google’s privacy policy: https://policies.google.com/privacy.

‍Legal basis

‍We use Google APIs based on our legitimate interests (i.e., the interest in optimising our online offering), in accordance with Article 6(1)(f) of the GDPR. Where we seek consent (e.g. consent to the storage of cookies), data processing takes place exclusively on the basis of Article 6(1)(a) of the GDPR; you may withdraw this consent at any time.

‍Data processing

‍To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.

‍Google Fonts

Nature and scope of data processing

This website uses web fonts to ensure consistent display of fonts provided by Google. When you visit the site, your browser loads the required web fonts into your browser cache so that text and fonts are displayed correctly. To do this, the browser you are using at establishes a connection to Google’s servers. As a result, Google becomes aware of your IP address.

‍Legal basis

‍The use of Google Web Fonts is based on our legitimate interest in ensuring a consistent display of the typography on our website (Art. 6(1)(f) GDPR). If consent has been requested (e.g. consent to the storage of cookies), the processing of data takes place exclusively on the basis of your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. This consent may be withdrawn at any time. If your browser does not support Web Fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found here: https://developers.google.com/fonts/faq. Google’s privacy policy can be found here: https://policies.google.com/privacy?hl=de.
‍
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active

Gstatic

On this website, we use features of Gstatic, aservice provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin4, Ireland.

‍Nature and scope of data processing

‍Gstatic is a service provided by Google to speed up the loading of web pages. Gstatic stores website resources such as images, CSS and JavaScript files on its servers in order to deliver them to the user more quickly when the page is visited again. During this data processing, technical information, such as your IP address and technical details of your browser, is transmitted to Gstatic.
The user profiles created by Gstatic are pseudonymised and cannot be traced directly back to you as an individual.
Further information on this can be found in Google’s privacy policy: https://policies.google.com/privacy.

‍Legal basis

‍The use of Gstatic on this website is based on your consent in accordance with Article 6(1)(a) of the GDPR in conjunction with Section 25(1) of the TTDSG. You have the right to withdraw your consent at any time.
‍
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available from the at:  https://www.dataprivacyframework.gov/s/participant-search/participant-detail?id=a2zt000000001L5AAI&status=Active

‍Data processing

‍To ensure that personal data is processed in accordance with our specifications and in compliance with the GDPR, we have entered into a data processing agreement (DPA) with the provider.

‍Google Tag Manager

On this website, we use services and functions provided by Google Tag Manager, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that enables us to use other tools on our website. It does not create user profiles, does not store cookies and does not carry out independent analyses. However, your IP address is recorded and may be transferred to the USA. Google Tag Manager itself is used solely for the management of these tools, which are integrated via it.

Purpose & Legal Basis

When using Google Tag Manager on this website, we rely on Article 6(1)(f) of the GDPR as the legal basis, as we have a legitimate interest in implementing and managing tracking tools on this website quickly and easily. If you have previously given your consent to data processing on this website via Google Tag Manager, the processing of your data takes place solely on the legal basis of Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. You may withdraw your consent at any time.
The company is certified under the "EU-US Data Privacy Framework" (DPF), an agreement between the European Union and the USA which aims to ensure compliance with European data protection standards when processing data in the USA. Certification under the DPF obliges companies to comply with these data protection standards. Further information is available at: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
‍

Webflow

Natureand scope of processing

Our website was created using the Webflow website builder. Webflow is a service provided by Webflow, Inc. and offers web development technology, web design and layout tools, domain hosting and other applications for marketing and workflow management.
We use Webflow for web hosting and to display our website, amongst other things. In addition, Webflow collects statistical data regarding visits to our website.
The following data is generally transmitted: the website accessed, the date and time of access, the amount of data transferred, a notification as to whether the access was successful, browser type and browser version, the user’s operating system, the previously visited website (referrer) and the IP address.

This log data is processed exclusively for the purposes mentioned above, as well as to maintain the security and functionality of Webflow and to optimise its services.

‍Purposeand legal basis

‍The use of the service is based on our legitimate interests, i.e. our interest in the secure and efficient provision and optimisation of our online service in accordance with Article 6(1)(f) of the GDPR.

‍
Retention period

‍We have no influence over the specific retention period of the processed data; this is determined by Webflow, Inc. Further information can be found in the Webflow Privacy Policy: https://webflow.com/legal/privacy.