Privacy Policy

 

Willi Hahn GmbH considers the protection of your personal data and personal rights to be particularly important. We respect and comply with the legal regulations pertaining to data protection and data security as a matter of course.

The term ‘personal data’ covers any and all details pertaining to your person, such as your title, first name, last name, address, telephone number, fax, e-mail address, IP address, etc. We would like to provide you with information regarding when we collect which items of personal data pertaining to you, as well as how we use this personal data.

CONTROLLER

The controller as per article 4 section 7 of the EU General Data Protection Regulation (GDPR) is

Willi Hahn GmbH
Sasbachwaldener Str. 72
D-77880 Sasbach

Tel. +49 7841 648-0
E-Mail: info@wiha.solutions

Executive board: Philipp Bleich, Dr.-Ing. Dirk Eichin

If you have any questions or concerns regarding data protection, please send an e-mail to the data protection officer datenschutz@wiha.solutions; alternatively, you can also send a letter by post to Data protection officer, Willi Hahn GmbH, Sasbachwaldener Str. 72, D-77880 Sasbach

USE AND FORWARDING OF PERSONAL DATA

If you have provided us with personal data, we shall only use this data to address your inquiries, to facilitate technical administration and (if you have approved of such a course of action) for our marketing operations. Your personal data shall only be forwarded or otherwise transferred to third parties if such a course of action is necessary for purposes related to contract processing (this applies in particular to situations in which order data is forwarded to suppliers) or billing, if we are legally obligated to do so, or if you have approved of such a course of action in advance.

You always have the right to revoke consent (which has been granted) for the future.

The saved personal data is deleted if you revoke your consent for storage, if knowledge of the said data is no longer required for the fulfillment of the purpose of storage (i.e. the procedure in question has been concluded), if the situation does not involve any legal deletion time limits that run counter to the aforementioned action, or if the storage of the data is impermissible because of other legal reasons. If the data cannot be deleted, it shall remain locked against further processing until the expiry of the respective legal deletion time limits.

RIGHTS OF DATA SUBJECTS

When it comes to the personal data pertaining to you, you have the following rights (article 13 et seqq. of the GDPR) vis-a-vis us:

  • Right to information,
  • Right to rectification or erasure,
  • Right to limitation of processing,
  • Right to object to processing,
  • Right to data portability.

Furthermore, you also have the right to contact a data protection supervisory authority and complain about the manner in which we process your personal data. In case of Baden-Wuerttemberg, the data protection supervisory authority is:

  • The State Data Protection and Freedom of Information officer
  • Office address: Lautenschlagerstraße 20, D-70173 Stuttgart, Germany
  • Postal address: P.O. Box 10 29 32, D-70025 Stuttgart, Germany
  • Tel.: 0711/615541-0, FAX: 0711/615541-15,
  • E-mail: poststelle@lfdi.bwl.de

SECURITY ADVICE

We try our best to implement all the necessary technical and organizational options in order to store your personal data in a manner that ensures that it cannot be accessed by third parties. If an unencrypted e-mail is used for communication, we cannot guarantee complete data security. We therefore request you to use the postal route if the situation involves confidential information.

AUTOMATED DECISION MAKING

We do not use automated processing that leads to automated decision making/profiling regarding your person.

DATA TRANSFER TO THIRD COUNTRIES

Data will only be transferred to countries outside the EU/EEA (so-called third countries) if this is necessary for the purposes of our international corporate management or if it is required by law, if you have given us your consent or if we are processing your order.

If service providers are used in third countries, they are obliged to comply with the data protection level in Europe in addition to written instructions by the agreement of the EU standard contractual clauses.

 

DATA PROTECTION INFORMATION FOR WEBSITE VISITORS

COLLECTION AND PROCESSING OF DATA

By sending us your personal data, you accept the fact that your data shall be collected, processed and used in accordance with this data protection declaration. This can take place in the following ways:

WEBSITE ACCESS

Each operation in which our home page is accessed is logged, along with each operation in which a file that has been deposited on the home page is accessed. This storage operation serves internal system-related purposes. The following things are logged:

  • IP address
  • Date and time of the query
  • Time zone difference to Greenwich Mean Time (GMT)
  • Contents of the request (specific page)
  • Access status/HTTP status code
  • Quantity of data transferred
  • Website from which the request originates
  • Browser
  • Operating system and its user interface
  • Language and version of the browser software.

This log is only accessed in situations involving security breaches, in order to facilitate prosecution; this data is stored for 10 weeks. Personal user profiles are not created!

CONTACT FORM

If you use our website to contact us, we shall use our contact form to collect various pieces of personal data from you. The mandatory fields that make it possible to process your inquiry in conjunction with a minimal amount of required data pertaining to you are as follows:

  • Name,
  • E-mail address,
  • Subject.

This data (which is specified by you) is used to create an unencrypted e-mail with the help of an application featuring a temporary storage facility; this e-mail is sent to us when you submit your inquiry. We would like to point out that the e-mail is unencrypted; consequently, please ensure that you do not use this channel to communicate any confidential data or information. Alternatively, you can also reach us through your e-mail application info@wiha.solutions.

COOKIES

Several parts of the websites use so-called ‘cookies’. A cookie is a data element that a website sends to your browser. The website sends it to your browser in order to store it on your system as an identifier that identifies your system. Cookies are frequently used merely to gauge the use (number of visitors and duration of a visit) and effectiveness (topics that the user is most interested in) of a website, and to simplify navigation or usage. As such, they are not linked with personal data. However, they can also be used to personalize the website experience of a known visitor. In such a case, a connection to the user can be generated by correlating profile information or user settings. Over the course of time, this information provides us with valuable insights, which in turn make it possible for us to improve the user experience offered by a website.

Cookies are usually sub-divided into session cookies and permanent cookies. Session cookies make it possible for you to navigate through the website in an efficient manner. The cookies trace your path through the individual web pages, so that you will not be asked to enter information that you have recently (i.e. during the same visit) entered on the website in question. Session cookies are stored in the temporary memory, and they are deleted as soon as the web browser is closed. On the other hand, permanent cookies save user settings for the current visit to the website, as well as future visits. They are saved on your hard drive, and continue to be valid when you re-start the browser. For example, we use permanent cookies to record your language selection and country specification.

Since the required (the most basic functions of the website) and functional (analysis of website usage for service improvement) cookies make it possible for you to use certain functions of our website, we recommend that you do not deactivate them in a general sense in your browser settings. In case your browser allows you to prohibit third-party cookies (so-called marketing cookies or targeting cookies, which are used to display advertisements and track your path through the internet), the use of such a facility will not impair the functionality of our website

Data protection declaration – Google Maps

This website uses the Google Maps product, which is provided by Google Inc. By using this website, you accept the fact that the automatically-collected data shall be acquired, processed and used by Google Inc., its representatives and third parties.

USE OF WEB ANALYSIS PROGRAMMES

GOOGLE ANALYTICS

We use Google Analytics to analyze website usage. The data obtained from this is used to optimize our website and marketing measures.

Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the website usage data on our behalf and is contractually obliged to take measures to ensure the security and confidentiality of the processed data.

The following data is recorded during your visit to the website:

  • Pages accessed
  • Orders including turnover and products ordered
  • The achievement of “website goals” (e.g. contact enquiries and newsletter registrations)
  • Your behavior on the pages (e.g. length of stay, clicks, scrolling behavior)
  • Your approximate location (country and city)
  • Your IP address (in abbreviated form, so that no clear assignment is possible)
  • Technical information such as browser, internet provider, end device and screen resolution
  • Source of origin of your visit (i.e. via which website or advertising medium you came to us)
  • Personal data such as name, address or contact details are never transmitted to Google Analytics.

This data is transferred to Google servers in the USA. We would like to point out that the same level of protection under data protection law cannot be guaranteed in the USA as within the EU.

Google Analytics stores cookies in your web browser for a period of two years since your last visit. These cookies contain a randomly generated user ID with which you can be recognized on future visits to the website.

The recorded data is stored together with the randomly generated user ID, which makes it possible to analyze pseudonymous user profiles. This user-related data is automatically deleted after 14 months. Other data remains stored indefinitely in aggregated form.

If you do not agree to the collection of data, you can prevent this by installing the browser add-on to deactivate Google Analytics or by rejecting cookies via our cookie settings dialogue.

GOOGLE-TAG-MANAGER:

This website uses the Google Tag Manager. Google Tag Manager is a solution that makes it possible for marketers to manage website tags with the help of a user interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain, and does not collect any personal data. The tool provides for the activation of other tags, which do collect data under certain circumstances. Google Tag Manager does not access this data. If a deactivation had been carried out at the domain or cookie level, the deactivation remains in effect for all tracking tags that are implemented with the help of Google Tag Manager.

GOOGLE MAPS

This website uses the Google Maps product, which is provided by Google Inc. By using this website, you accept the fact that the automatically-collected data shall be acquired, processed and used by Google Inc., its representatives and third parties.

LEGAL BASIS

The collection/processing of your data is based on Art. 6 (1) f GDPR, or with your consent when using the contact form.

 

DATA PROTECTION INFORMATION FOR APPLICATIONS

DATA COLLECTION

If you file an online application, we shall collect and process the following pieces of personal application data:

  • Title
  • Name, first name
  • Address
  • Telephone number/Mobile number
  • E-mail
  • Application documents (letter of application, curriculum vitae, testimonials, certificates, and suchlike)
  • Within the context of video calls, the video signal sent by your IT device or telephone
  • With prior agreement we answer in context of communication for certain channels via WhatsApp

PURPOSE OF DATA COLLECTION/FORWARDING

Your personal application data is only collected and processed for purposes related to the filling of job slots within our corporate group. As a matter of principle, your data is only forwarded to the in-house authorities and specialized departments that are responsible for the specific application procedure in question, unless you have given us permission (through our application form) to consider your application with regard to other suitable jobs as well.

Please note that the data provided by you could, if necessary, be used to create statistics regarding the (online) application process. These statistics are only created for our own purposes. The aforementioned statistics are never created in a personalized form; they are always created in an anonymized form.

LEGAL BASIS

Your data is collected/processed in accordance with §26 of the BDSG (Federal Data Protection Act) (new) (up to now, §32 of the BDSG); alternatively, it is collected/processed with your consent.

RETENTION PERIOD OF THE APPLICATION DATA

On principle, your personal application data is deleted after a maximum period of 6 months after the completion of the application procedure. This does not apply to situations in which legal regulations rule out such a deletion, further storage is necessary for purposes related to the provision of evidence, or you have explicitly approved of longer-term storage.

Storage for other or future job advertisements:

If we are unable to offer you a position that is currently vacant, but are of the opinion based on your profile that your application might be of interest for other or future job offers, we will store your personal application data for a maximum of 1 year after receipt of your application, provided that you expressly consent to such storage and use. With your consent, we will compare your documents with our job offers and contact you if a suitable offer is available.

SPECIAL MEASURES FOR DATA SECURITY IN THE APPLICATION PROCESS

The transmission of your online application data is encrypted, in accordance with the currently recognized state of the art.

 

DATA PROTECTION INFORMATION FOR BUSINESS PARTNERS/INTERESTED PARTIES

Within this context, business partners are all employees of our customers, suppliers, service providers, network partners as well as persons from public organizations with whom our company maintains contacts in the general day-to-day business. Within this context, interested parties are all employees of potential customers, suppliers and service providers with whom a business relationship is to be established.

COLLECTION AND PROCESSING OF DATA BASED ON YOUR CONSENT

(Art. 6 para. (1) a GDPR)

If you have given us your consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent. Any consent granted can be revoked at any time. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

FOR THE FULFILMENT OF CONTRACTUAL OR PRE-CONTRACTUAL OBLIGATIONS

(Art. 6 para. 1b GDPR)

The processing is carried out within the framework of the execution of contracts to which you are a party or upon request by you for the execution of pre-contractual measures.

The purposes of the data processing depend on the respective contract documents and subject matter of the contract, in this case therefore on the existing customer (framework) contract with you.

AS PART OF THE BALANCING OF INTERESTS

(Art. 6 para. 1f GDPR)

As far as necessary, we process your data to protect the legitimate interests of us or third parties. Our legitimate interest is in particular for group-wide management and control measures, marketing purposes, to improve our business relationship, to assert legal claims and to defend ourselves in legal disputes.

WHICH DATA IS PROCESSED?

Your contact data, customer data, contract data, during factory visits with your express consent possibly also photos, during video telephone calls or conferences also the video signal from your telephone or IT terminal.

WHO RECEIVES YOUR DATA?

Within our company, access to your data is granted to those entities that require it within the scope of the so-called “Least Privilege” (allocation of user rights to the lowest possible extent) and the Need- To-Know principle (knowledge of data only when necessary). Service providers and vicarious agents employed by us may also receive data for these purposes, provided they comply with our data protection regulations and instructions. With regard to the transfer of data to recipients outside our company, we may only pass on data if this is necessary, if a legal provision requires this, if you have given your consent or if processors commissioned by us have undertaken to comply with the provisions of the GDPR and the BDSG (German Federal Data Protection Act).

Under these conditions, recipients of personal data may be:

  • WIHA employees with a corresponding business relationship with you
  • Employees of the corporate group with overarching management and control tasks
  • Service providers within the scope of order processing

In case of PR and marketing activities (after your prior explicit consent):

  • Website visitors
  • Readers of our print media and publications
  • Users of our social media

DATA PROTECTION INFORMATION FOR REPORTING BREACHES OF REGULATIONS AND LAWS (Whistleblowing legislation)

This information applies to all internal and external persons who want to confidentially report a non-compliance of Wiha or it’s employees.

AS PART OF THE LEGITIMATE INTERESTS

(Art. 6 para. 1f GDPR)

As far as necessary, we process your data to protect the legitimate interests or those of third parties. Our legitimate interest is in particular to prevent damage to the company.

AS PART OF LEGAL REGULATIONS

(Art. 6 para. 1c GDPR in conjunction with §§ 13, 24 HinSchG)

Where necessary, we process your data in order to be able to carry out our tasks in the operational reporting office (operating reporting channels, managing the procedure, taking follow-up measures).

WHICH DATA IS PROCESSED?

Your contact details, which you enter in the Whistleblower Channel.

WHO GETS OUR DATA?

The processing of your personal data in connection with a possible breach of rules is absolutely confidential; the disclosure of your personal data outside the company reporting office is only intended in the context of criminal prosecution (questioning of witnesses). Within our company, access to your data is only granted to those departments that require it within the framework of the so-called “least privilege” principle (allocation of user rights to the smallest possible extent) and the need-to-know principle (knowledge of data only if necessary). Service providers and vicarious agents employed by us may also receive data for these purposes if they comply with our data protection regulations and instructions.

With regard to the transfer of data to recipients outside our company, we may only pass on data if this is necessary, if a legal provision requires this, if you have given your consent or if processors commissioned by us have undertaken to comply with the provisions of the GDPR and the BDSG.

Under these conditions, recipients of personal data may be

  • WIHA employees in the function of the company registration office
  • Service providers in the context of order processing

In the event of criminal offenses:

  • Law enforcement authorities

Privacy Policy dated: July 04, 2024