Privacy Policy

First off, your data is in good hands with us. We will only do what you want us to do with your data. The details are set out below in the long version of our promise. We have written our Privacy Policy in the most comprehensible way possible. For example, we have omitted references to laws and simplified many specialist terms. The relevant legally valid text can be found under “Details +”. Incidentally, by GDPR we mean the General Data Protection Regulation of the European Union.

I. General information

1. Contact details of the controller

Wiethe Content GmbH
Hermann-Müller-Straße 12
49124 Georgsmarienhütte
Germany

Telefon: +49 (0)5401 3651-100
Telefax: +49 (0)5401 3651-10
E-Mail: content@wiethe.com

2. Contact details of our Data Protection Officer

3. Information on data transfer to the US

We sometimes transfer data to companies in the US to have it processed there. For all these cases, the following applies:

Unfortunately, it is not possible to ensure as good data protection in the US as in the EU. This is why we hereby expressly point out the risks you face as a result of these data transfers: The risk is that, due to legislation in the US, American authorities (in particular, the secret services) may access your data. Opportunities for judicial remedy or information on the handling of your data from the US authorities are only possible to a very limited extent or not at all. For this reason, processing is carried out on the basis of your explicit consent. You have the right to withdraw your consent at any time. The consequences of the withdrawal of your consent depend on the service in question and are described in the relevant section.

The sections below related to the companies we cooperate with in the US indicate which data is transferred.

We use services where personal data is transferred to the US and processed there. The services we currently use are described below in the relevant sections. The following applies equally to all these services:

There is no European Commission adequacy decision for data transfers to the US. Since, despite any standard contractual clauses agreed with the service provider, it is ultimately not possible to ensure a level of data protection that corresponds to that of the EU, we hereby expressly draw your attention to the risks you face as a result of such data transfer to the US: There is a risk that US authorities may gain access to the personal data on the basis of the PRISM and UPSTREAM surveillance programmes based on Section 702 of the Foreign Intelligence Surveillance Act (FISA), as well as on the basis of the Executive Order 12333 or Presidential Policy Directive 28. EU citizens have no effective means of legal protection against such access in the US or the EU. For this reason, processing is carried out on the basis of your explicit consent in accordance with Article 49(1)(a) of the EU General Data Protection Regulation (GDPR). You have the right to withdraw your consent at any time in accordance with Article (7)(3) GDPR. The consequences of the withdrawal of your consent depend on the service in question and are described in the relevant section. The relevant sections below also indicate which data is transferred.

II. Concrete information on the collection of personal data

1. Visiting the website

1.a) Purpose of the collection and processing of data

To keep a technical eye on what is happening on our website, we store some data (see list under “Details +”). This helps us, for example, to detect faults and overloads. It also gives us an indication of how to further develop our website. With the exception of the IP address, the data cannot be tracked to you. It would take considerable effort to track the IP address we store back to you – something we do not do.

Every time a user accesses a page from our website or calls up a file stored on our website, access data relating to this process are stored in a log file. Each dataset consists of:

(1) the page from which the file was requested,
(2) the name of the file,
(3) the date and time of the request,
(4) the amount of data transmitted,
(5) the access status (file transmitted, file not found, etc.),
(6) a description of the type of operating system and web browser used,
(7) the client IP address.

We use this data in order to operate our website, in particular to determine the utilisation of the website and website malfunctions, and to make adjustments or improvements. The client IP address is used for the purpose of transmitting the data requested; when no longer technically required, the client IP address will be rendered anonymous by deleting the last block of numbers (IPv4) or the last octet (IPv6).

1.b) Duration of retention

The data mentioned in 1.a) are stored every time our website is accessed. They will be deleted when we no longer need them ‒ within ten weeks at the latest.

Data are stored every time a user accesses a page from our website or calls up our website; such data will be deleted as soon as they are no longer required for the purpose of the collection, which is the case within ten weeks of the user’s last visit to the website at the latest.

1.c) Legal basis

The European Union’s General Data Protection Regulation allows us to process data in this way.

The legal basis for the temporary storage of the aforementioned data is Article 6(1)(f) GDPR. The legitimate interest is to make available our website. It is not necessary to obtain consent to this data processing because otherwise this service could not be provided (in accordance with Section 25(2)(2) of the Telecommunications Telemedia Data Protection Act (TTDSG), which is why Article 6(1)(a) GDPR also applies).

1.d) Possibility of objection and removal

You can let us know that you do not agree to the storage of data. In this case, you would have to tell us your IP address so that we can prevent the entire log data from being stored. We would then have to store the IP address and your address details for as long as your objection is valid.

The data subject may object to processing. The personal data required to implement the objection (IP address and address details) shall then be stored by us for as long as the objection is maintained.

2. Cookies and similar data processing operations

Information on cookies and data processing is displayed when you visit the site. You can then choose which cookies you accept and which you reject. You can also access the settings options at any time at the bottom of each page by clicking on the “Privacy settings” link.
Incidentally, if the “Do Not Track” setting is activated in your browser, this information will not be displayed and any non-essential processing will be blocked. In this case, you can still obtain information and unblock the site at any time by clicking on the “Privacy settings” link at the bottom of each page.

2.a) Purpose of the collection and use of data

When you visit our website, small data packages are stored on your web browser (or on the device you use to visit our website). These are called cookies. With the help of these cookies, our website can tell that this web browser has already visited the page before. Any settings that may have been made can then be made again automatically (e.g. the selected language). Cookies also help us to adapt the pages to your preferences and to speed up the display of the page.
Data is processed even without cookies.

Services that transfer data to third countries that are not data secure are marked as “Non-EU”. Concerning this, see also „I. 3 Information on data transfer to the US“.

Cookies and other processing operations are used for the following purpose, without which this website would not work:

  • Real Cookie Banner: We use this software to manage your consents and refusals to process your data on the Careers website.

The following services provide convenience:

  • Akamai: This service delivers files to you quickly and reliably. Cookies are not set, but other data about you is collected (as described in 1.a) under “Details”). Akamai is accessed via Vimeo and is not directly integrated by us. (Non-EU)
  • Font Awesome: Font Awesome is a service from which icons are downloaded to be embedded in the website. Cookies are not set, but other data about you is collected (as described in 1.a) under “Details”). Font Awesome is integrated via Vimeo and not directly via us. (Non-EU)
  • Vimeo: The Vimeo video service allows us to insert our videos that we have stored there into our website, and to play them back smoothly. Cookies are used to collect information about video usage. Your personal data can be linked to your data on vimeo.com if you are logged in there – but not otherwise. (Non-EU)

Statistics:

  • Google Analytics: Google Analytics is a service for producing detailed statistics on visitor behaviour on the website. Cookies are used to distinguish visits, to store information related to promotions for and by visitors, and to link data from multiple page views. This helps us to improve our website and increase the success of our job adverts. (Non-EU)
  • Matomo: Matomo is a service for producing detailed statistics on visitor behaviour on the website. Cookies are used to distinguish devices and to link data from multiple page views. In the process, technical and personal data such as the IP address is transferred by the client to the Wiethe server at Matomo. (EU, New Zealand)

Advertising (Marketing):

  • Facebook: We use the Facebook pixel on our website. It helps us to make you suitable job offers within Facebook. The pixel also allows us to see how effective our job advertising is on Facebook. Cookies are used to distinguish individuals, to accurately track their behaviour on the website, and to link this data to Facebook. If you have a Facebook account, we also learn that this account was interested in our jobs. (Non-EU)
  • Instagram: Instagram allows images and similar elements posted on instagram.com to be embedded directly into websites. The data collected via Instagram is used to obtain detailed statistics on visitor behaviour from visited websites. This information can be linked to the data of people registered on instagram.com and facebook.com; it helps us to shape our image in the future. (Non-EU)

In order to make it technically possible to visit our website, we transmit so-called cookies to the data subject’s end device. Cookies are small text files that enable the data subject’s end device to be identified, usually by recording the name of the domain from which the cookie data was sent, information on the age of the cookie and an alphanumeric identifier. Saving the cookie on the end device used – without interfering with the operating system – enables the end device to be recognised and allows us to make any possible presettings immediately available. We use this information to adapt our website and the services offered to your needs and to enable you to access our website more quickly.

In addition to cookies, other methods are also used to process personal data, such as the transmission of IP addresses and device fingerprinting.

The following processing operations are essential for the basic functionality of the website and are used for the following purpose:

  • Real Cookie Banner: We use this software to manage your consents and refusals to the processing operations of your data on this website. Real Cookie Banner asks you to consent to the cookies and other data processing operations used on this website. The cookies store the UUID (Universal Unique Identifier – alias identification of the visiting device) and the selection of the agreed cookie groups and cookies. (EU)

Functional processing operations:

  • Akamai: Akamai.com is a CDN (Content Delivery Network) and protects websites from malicious traffic and saves parts of the website in a cache for faster delivery. Akamai can also deliver a cached version of the website if the website server is unavailable. The cookies are used to uniquely identify devices and classify them as potential attackers and to determine the fastest available server. akamaized.net is accessed via Vimeo and is not directly integrated by us. (Non-EU)
  • Font Awesome: Font Awesome is a service that provides icons as fonts that are not installed on the client device and allows them to be embedded in the website. No cookies are set on the client device, but technical and personal data such as the IP address are transmitted from the client to the service provider’s server to enable the use of the service. Font Awesome is integrated via Vimeo and not directly via us. (Non-EU)
  • Vimeo: The Vimeo video service provider (vimeo.com) allows us to embed videos hosted there into our website and to play them back with high performance. Cookies are used to collect detailed statistics on video usage resulting from visits. This data can be linked to the data of the person registered on vimeo.com. Otherwise, linking is not possible. (Non-EU)

Statistics:

  • Google Analytics: Google Analytics is a service for producing detailed statistics on visitor behaviour on the website. The cookies are used to distinguish visits, to store campaign-related information for and by visitors, and to link data from multiple page views. This helps us to improve our website and increase the success of our job adverts. (Non-EU)
  • Matomo: Matomo is a service for producing detailed statistics on visitor behaviour on the website. Cookies are used to distinguish devices and to link data from multiple page views. Matomo also makes programme code available that is integrated when the page is accessed. In the process, technical and personal data such as the IP address is transmitted from the client to the Matomo server. All servers are located in the EU. The company InnoCraft, which owns Matomo, has its registered office in New Zealand. An adequacy decision in accordance with Article 45(3) GDPR exists for New Zealand. (EU, New Zealand)

Marketing:

  • Facebook: We use the “Facebook pixel” on our website. It helps to determine whether you belong in a suitable target group for the presentation of adverts within Facebook’s ad network. The Facebook pixel also makes it possible to track the effectiveness of Facebook advertising. Using the additional function “extended comparison”, information stored in your Facebook account, such as email addresses or Facebook IDs of people, is evaluated by target group in encrypted form. Cookies are used to distinguish devices, record their behaviour on the website in detail, and link this data to advertising data from Facebook’s ad network. This data can be linked to the data of people registered on facebook.com with their Facebook accounts. (Non-EU)
  • Instagram: Instagram allows content posted on instagram.com to be embedded directly into websites. The data recorded is used to collect visited web pages and detailed statistics on visiting behaviour. This information can be linked to the data of people registered on instagram.com and facebook.com, and helps us to shape our external image in the future. (Non-EU)

You can find out which cookies are (possibly) set in the privacy settings.

2.b) Duration of retention

You can delete our cookies from your browser / device at any time. Besides that, the cookies will also be deleted automatically after different lengths of time.

The different cookies are stored for different lengths of time; however, the maximum period is two years. Cookies are stored on your local end device, not on our server, which is why the actual deletion period depends on how your browser software is configured. Please refer to the operating instructions of your browser software to find out how to delete – either ad hoc or automatically – cookies that we have set.

2.c) Legal basis

The General Data Protection Regulation (GDPR) and the Telecommunications Telemedia Data Protection Act (TTDSG) allow us to set cookies.

Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. for a language switch) (essential cookies) are stored on the basis of Article 6(1)(f) of GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of essential cookies in order to optimise and provide its services free of technical errors. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TTDSG); consent can be withdrawn at any time.

2.d) Possibility of objection and removal

You can delete cookies yourself at any time. In addition, cookies can be rejected in the privacy settings.

The data subject may block the use of cookies in the end device used or delete these cookies after use. In some circumstances, however, it may not be possible to use the full functionality of our website. Please refer to the operating instructions of the browser software to find out how to block cookies and to delete cookies that have already been saved.

3. Applications

3.a) Purpose of the collection and use of data

Application details are used solely for the application procedure.

We process the data provided to us in the context of applications only for the purpose of the application and an application procedure.
We provide an application form on our website. The data subject may use this application form to contact us electronically and submit their application documents. The following data is collected and stored: name, IP address, email address, curriculum vitae (with the contents determined freely by the data subject), possibly other documents such as cover letters, certificates/references, work samples, etc., and the date and time of the enquiry. The data is transferred directly to our application management, and is not stored in the portal.

3.b) Duration of retention

If the applicant is hired, we will retain the data for the duration of employment. If the applicant is not hired, we will delete the data as soon as they are no longer required. This is typically the case after six months. If an application is withdrawn, we will also delete the data.

In the event of a successful application, we may further process applicants’ data for the purpose of the employment relationship. In the event of an unsuccessful application, applicants’ data will be deleted after the completion of the application process, unless we are entitled to store the data for a period of six months in order to answer any follow-up questions concerning the application and to comply with any obligations to provide supporting documents arising from the Act on Equal Treatment. If a candidate withdraws his or her application, the data will likewise be deleted.

3.c) Legal basis

The General Data Protection Regulation and the Federal Data Protection Act govern the handling of data in application procedures.

The aforementioned data are stored only in compliance with our pre-contractual obligations in the context of the application procedure within the meaning of Article 6(1)(b) and (f) GDPR and, where applicable, for purposes relating to the employment relationship in accordance with Section 26 of the Federal Data Protection Act (BDSG). Where special categories of personal data within the meaning of Article 9(1) GDPR are communicated voluntarily, these are processed additionally in accordance with Article 9(2)(b) GDPR (e.g. data relating to health, such as severe disability status). Where special categories of personal data within the meaning of Article 9(1) GDPR are requested from applicants in the context of the application procedure, they will be processed additionally in accordance with Article 9(2)(a) GDPR (e.g. data relating to health, if these are necessary for the pursuit of an occupation).

3.d) Possibility of objection and removal

You have the right to object to processing, and to request the erasure of data. It could be the case that legal provisions do not allow this. (For example, the requirement that application details must be retained in case of complaints under the Act on Equal Treatment. See also 3.b)

The possibility of objection and removal exists to the extent presented above.

4. Contact form, contact by email, fax or telephone

4.a) Purpose of the collection and use of data

When you contact us, we save the information you give us. This is the case regardless of how you contact us. We will not pass on your data.

Individuals may contact us by email, fax or phone. The data transferred to us in this way and specified by the data subject will be saved by us so that we can process the query. Such data includes the name, address, email address, phone and / or fax number, the date and time of the query, a description of the concern and, where applicable, contract data if the query is made in the context of preparing or executing a contract.
The data will not be divulged to third parties. It serves the purpose of processing the data subject’s contact enquiry.

4.b) Duration of retention

When we no longer need the information relating to you which you gave us during our communication, we will delete it.

Once data are no longer required for achieving the purpose, they will be deleted. This is the case where the conversation has been successfully completed and the circumstances have been clarified, and no contractual or fiscal retention periods prevent such deletion. That period is five years for personal data that fall under Section 147 of the German Fiscal Code (AO) and ten years for personal data that fall under Section 257 of the German Commercial Code (HGB). These periods commence at the end of the calendar year in which the data were collected.

4.c) Legal basis

The General Data Protection Regulation allows us to use contact details.

The legal basis for storing the aforementioned data is Article 6(1)(a) GDPR, only after the data subject has given his or her prior consent within the query; Article 6(1)(b) GDPR in the context of the initiation or performance of a contract; or Article 6(1)(f) GDPR. The controller’s legitimate interest is the ability to process contact enquiries and to prevent the abuse of contact enquiry. Since the data subject is able at any time to withdraw his or her consent, the legitimacy of the processing of personal data that took place on the basis of consent until its withdrawal is not affected.

4.d) Possibility of objection and removal

If you do not want us to continue using your data, you can object to this at any time. Simply contact us, and we will delete your details.

The data subject may at any time withdraw the consent he or she gave to the processing and storage of data. Data stored with regard to this process will then be deleted.

5. Google Analytics

5.a) Purpose of the collection and use of data

By using the Google Analytics service, we get an insight into the use of our website. Google is a company based in the US. In order to create the necessary statistics, the IP address you used to visit our website is stored. However, the IP address will be processed in anonymous form. In other words, both we and Google process this information. In addition to the IP address, Google also collects additional data such as the browser, as well as website or app activity.

The client IP address is recorded for the use of the Google Analytics service. This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). The information generated by Google software on our site about the use of this website is usually transmitted to a Google server in the US, where it is stored. Owing to the activation of IP anonymisation on this website, however, the data subject’s IP address will be shortened beforehand by Google within the Member States of the European Union and in other countries which are contracting parties to the Agreement on the European Economic Area. Only in exceptional cases (according to Google) will the full IP address be transmitted to a Google server in the US first and then shortened. (However, it cannot be ruled out that Google will also process the unabridged IP address for its own purposes.) On the instructions of the operator of this website, Google will use this information to analyse the use of the website, to compile reports about website activities and to provide additional services relating to website and internet usage for the website operator. The IP address transmitted from your browser using Google Analytics will not be associated with any other data held by Google. In addition to the IP address, Google also collects data about the device or browser, as well as website or app activity. This data is forwarded to the domain https://tagmanager.google.com/. From there, it is transmitted to our Google Analytics account. You can find out which cookies are (possibly) set in privacy settings.

5.b) Duration of retention

Your full IP address will only be used for the duration of a fraction of a second, i.e. for the purpose of anonymising it. The raw data for statistics will be deleted after 14 months. Google automatically deletes the other data when it is no longer to be retained.

Once the data is no longer needed to achieve the purpose, it will be deleted, which is the case when the anonymisation, which takes place within the European Union, has been completed. This takes less than one second. The data sent by us and that is linked to cookies, user identifications (e.g. user IDs) or advertising IDs will be deleted automatically after 14 months. Data that has reached its storage period is deleted automatically once a month. For more information, visit https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/?hl=en. For the other data, Google sets a retention period depending on the reason for collection.

5.c) Legal basis

The General Data Protection Regulation allows us to analyse visits. Also note the legal information provided in Section I. 3 Information on data transfer to the US. Wiethe is responsible for transferring data to Google. Google then helps us to improve the effectiveness of our website, and consequently recruitment. Google decides how it handles the data. We have no further influence on this. This division of tasks means that Google and Wiethe are jointly responsible for data processing (in accordance with Article 26 GDPR). We only disclose the data to Google with your consent.

We transfer data to

Google LLC
1600 Amphitheatre Parkway
Mountain View, CA 94043, USA
(“Google”)

The legal basis for the storage and transfer of the aforementioned data is Article 6(1)(a) GDPR. We therefore ask you to consent to the processing for the purpose of analysing the use of the website. Analysis of all users in their entirety without being able to draw conclusions about the behaviour of identifiable individuals enables us to optimise our website and the services we offer. Your consent is also required in accordance with Section 25(1) TTDSG.

Since Google is a company based in a “third country that is not data secure”, we are dependent on your consent in accordance with Article 6(1)(a) GDPR in conjunction with Article 49 GDPR to be able to transfer your personal data to the US. For details about the risks and security measures, see Section I. 3 Information on data transfer to the US.

Wiethe is responsible for the collection and transfer of data to Google. Based on this data, Google provides us with services to improve the effectiveness of our website. Google has sole responsibility for the storage and further use of the data. This division of tasks results in joint responsibility in accordance with Article 26 GDPR.

5.d) Possibility of objection and removal

You can prevent cookies from being set on your browser / device. But it could be that some convenient functionalities will then no longer work. The integration of Google Analytics can be disabled at any time in our privacy settings. A browser plug-in can even be used to prevent data being shared with Google: https://tools.google.com/dlpage/gaoptout?hl=en

The data subject can prevent cookies from being saved by setting their browser software accordingly; we point out to the data subject, however, that this may mean that he or she will not be able to use the full functionality of this website. The data subject can also prevent the data generated by the cookie relating to the use of the website (including the IP address) from being recorded and used by Google by downloading and installing the browser plugin available from this link [https://tools.google.com/dlpage/gaoptout?hl=en].

6. Web analytics via the Facebook pixel

6.a) Purpose of the collection and use of data

We use a marketing service provided by Facebook on this website to show suitable job adverts to you and others who may be interested in us. When you visit our website, the fact that you have visited this website is transmitted to Facebook, and Facebook assigns this information to your personal Facebook account (if you have one). To find out more about the collection and use of data by Facebook, as well as your rights in this respect and the options for protecting your privacy, please refer to Facebook’s Privacy Policy at https://www.facebook.com/about/privacy/ and to privacy settings on our website.

This website uses the “Custom Audiences” remarketing feature of

Facebook Inc.
1601 S. California Ave,
Palo Alto, CA 94304, USA
(“Facebook”)

This feature allows us to show you job adverts based on your interests (“Facebook ads”) when you visit Facebook. To do this, the Facebook remarketing tag (pixel) has been installed on this website. A direct connection to the Facebook servers is established via this tag when you visit the website. The fact that you have visited this website is transmitted in the process, and Facebook assigns this information to your personal Facebook account. To find out more about the collection and use of data by Facebook, as well as your rights in this respect and the options for protecting your privacy, please refer to Facebook’s Privacy Policy at https://www.facebook.com/about/privacy/.

6.b) Duration of retention

We do not store the data we transfer to Facebook. Facebook stores the data as long as it is necessary for the purposes of processing.

See also the section on “Data retention, account deactivation and deletion” (https://de-de.facebook.com/about/privacy/update ) in the Facebook “Data Policy”.

6.c) Legal basis

We have a legitimate interest in successful recruitment. The GDPR allows us to process data in this case. Also note the legal information provided in Section I. 3 Information on data transfer to the US. Wiethe is responsible for transferring data to Facebook. Facebook then helps us to improve the effectiveness of our job adverts. Facebook has sole responsibility for its handling of the data. We have no further influence on this. This division of tasks means that Facebook and Wiethe are jointly responsible for data processing (in accordance with Article 26 GDPR). We only disclose the data to Facebook with your consent.

The legal basis for data processing is Article 6(1)(f) GDPR (legitimate interest in effective recruitment). In accordance with Section 25(1) TTDSG, your consent is nevertheless required. Since Facebook Inc. is a company based in a “third country that is not data secure”, we are dependent on your consent in accordance with Article 6(1)(a) GDPR in conjunction with Article 49 GDPR to be able to transfer your personal data to the US. For details about the risks and security measures, see Section I. 3 Information on data transfer to the US. Wiethe is responsible for the collection and transfer of data to Facebook. Based on this data, Facebook provides us with services to improve the effectiveness of our job adverts. Facebook has sole responsibility for the storage and further use of the data. This division of tasks results in joint responsibility in accordance with Article 26 GDPR

6.d) Possibility of objection and removal

You can object to the transmission of data to Facebook at any time in the privacy settings. If you have a Facebook account, you can also disable the “Custom Audiences” feature at https://www.facebook.com/adpreferences/advertisers/?entry_product=ad_preferences_delegation. Facebook has also provided instructions on how to do this.

7. Matomo

7.a) Purpose of the collection and use of data

Matomo provides us with statistical information on user activity on our website. Data are collected anonymously.

This website uses the open source software program Matomo (formerly PIWIK, www.matomo.org) for statistical analysis of visits to the website. Matomo uses cookies to do so (see also 2.a). In the process, data may be recorded, processed and stored, from which anonymous user profiles are created. The data collected is those specified in 1.a) and, in addition

  • a pseudonymised identification number
  • your IP address (the last number block of the IP address is removed for anonymisation on our Matomo server)
  • country and municipality of origin (by determining longitude and latitude using the shortened IP address)
  • the device used (including language settings, browser version and display size)
  • possibly the URL of the external link on our website that you use to leave the website
The information collected by Matomo for this purpose is transmitted to the server on which our website is hosted and forwarded to our Matomo server, where it is processed by Matomo software for usage analytics. The Matomo server is located in Germany. Your IP address will be anonymised immediately after processing, before storage. Matomo’s Privacy Policy is available here: https://matomo.org/privacy-policy/.

7.b) Duration of retention

Your full IP address will only be used in full for as long as it is necessary to anonymise it. All data will be automatically deleted within 7 weeks.

Once the data are no longer needed to achieve the purpose, they will be deleted; where the IP address is concerned, this is the case when anonymisation has taken place. For technical reasons, this process takes less than one second. All other data will be automatically deleted after 186 days.

7.c) Legal basis

The General Data Protection Regulation and the TTDSG allow us to analyse visits in this way.

The legal basis for the use of the data is the pursuit of our legitimate interests in the analysis, optimisation and economic operation of our website (Article 6(1)(f) GDPR) by means of collecting anonymous usage data and producing statistics from those data.

 

If the relevant consent has been requested, the processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

7.d) Possibility of objection and removal

You may object to data processing by Matomo.

The user of this website can opt out of the analytics process, either by using the “Do Not Track” setting in his or her browser, or by removing the check mark above.

8. Vimeo Video

8.a) Purpose of the collection and use of data

We embed videos provided by the Vimeo service into our website. Vimeo is a company based on the USA. The Google Analytics service is integrated with these videos. Tracking is done by Vimeo. We have no influence on this. Vimeo also uses tracking pixels (web beacons) for embedded videos. The Vimeo privacy policy contains information about how you can influence Vimeo tracking yourself: https://vimeo.com/privacy.

Content of third-party providers is embedded in this website. Such content is provided by Vimeo LLC. Vimeo is operated by Vimeo LLC, 555 West 18th Street, New York 10011, USA (“Vimeo”). The Google Analytics tracking tool is automatically integrated into Vimeo videos embedded on our website. We have no influence on the tracking settings and on the results of the analysis, and cannot view them. In addition, by embedding Vimeo videos, web beacons are set for website users. The purpose and scope of data collection and the further processing and use of the data by the provider and your rights and setting options for the protection of your privacy can be found in the privacy policy of Vimeo (https://vimeo.com/privacy). You can find out which cookies are (possibly) set in the privacy settings.

8.b) Duration of retention

The data are stored by Vimeo. Consequently, Vimeo also governs the storage period.

The storage period is determined by Vimeo specifications.

8.c) Legal basis

The General Data Protection Regulation allows us to undertake this type of marketing. Also note the legal information provided in Section I. 3 Information on data transfer to the US. Wiethe is responsible for transferring data to Vimeo. Vimeo decides how it handles the personal data collected. We have no further influence on this. This division of tasks means that Vimeo and Wiethe are jointly responsible for data processing (in accordance with Article 26 GDPR). We only disclose the data to Vimeo with your consent.

The purpose of embedding videos is to safeguard our legitimate prevailing interests in the optimal marketing of our offerings in accordance with Article 6(1)(f) GDPR, to which we are entitled in the context of balancing interests. In accordance with Section 25(1) TTDSG, your consent is nevertheless required (which is why Article 6(1)(a) GDPR also applies). Since Vimeo is a company based in a “third country that is not data secure”, we are dependent on your consent in accordance with Article 6(1)(a) GDPR in conjunction with Article 49 GDPR to be able to transfer your personal data to the US. For details about the risks and security measures, see Section I. 3 Information on data transfer to the US. Wiethe is responsible for the collection and transfer of data to Vimeo. Based on this data, Vimeo provides us with the service of integrating our videos and related usage statistics. Vimeo has sole responsibility for the storage and further use of the data. This division of tasks results in joint responsibility in accordance with Article 26 GDPR.

8.d) Possibility of objection and removal

You can prevent cookies from being set on your browser/device. But it could be that some convenient functionalities will then no longer work. The integration of Vimeo can be disabled at any time in our privacy settings. You can also make a setting on the Vimeo page concerning cookies (https://vimeo.com/cookie_policy) which prevents Vimeo from setting cookies.

To stop Vimeo cookies from being set, you can prevent cookies from being saved by changing the appropriate setting in your browser software; we point out, however, that this may mean that you will not be able to use the full functionality of this website. You can also disable the setting of cookies by Vimeo on Vimeo’s “Cookie Policy” page (https://vimeo.com/cookie_policy).

9. Instagram

9.a) Purpose of the collection and use of data

We have images and similar elements on our website that are loaded by the Instagram service. Instagram is a company in the USA. You can use these media to tell us if you like them. If you are a member of Instagram, Instagram can tell that you have expressed your liking. Instagram’s Data Policy is here available..

Content of third-party providers is embedded in this website. Such content is provided by Instagram Inc. Instagram is operated by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. This may include, for example, content such as images, videos or text and buttons, where users can express their liking of the content, and subscribe to the authors of the content or our contributions. If users are members of the Instagram platform, Instagram can assign the call up of the abovementioned content and functions to the users’ profiles there. Instagram’s Data Policy: http://instagram.com/about/legal/privacy/. You can find out which cookies are (possibly) set in the privacy settings

9.b) Duration of retention

Data are stored with Instagram. Consequently, Instagram also governs the storage period.

The storage period is determined by the specifications of the operators of social networking sites.

9.c) Legal basis

The General Data Protection Regulation allows us to undertake this type of marketing. Also note the legal information provided in Section I. 3 Information on data transfer to the US. Wiethe is responsible for transferring data to Instagram. Instagram decides how it handles the personal data collected. We have no further influence on this. This division of tasks means that Instagram and Wiethe are jointly responsible for data processing (in accordance with Article 26 GDPR). We only disclose the data to Instagram with your consent.

The purpose of embedding content is to safeguard our legitimate prevailing interests in the optimal marketing of our offerings in accordance with Article 6(1)(f) GDPR, to which we are entitled in the context of balancing interests. In accordance with Section 25(1) TTDSG, your consent is nevertheless required (which is why Article 6(1)(a) GDPR also applies). Since Instagram is a company based in a “third country that is not data secure”, we are dependent on your consent in accordance with Article 6(1)(a) GDPR in conjunction with Article 49 GDPR to be able to transfer your personal data to the US. For details about the risks and security measures, see Section I. 3 Information on data transfer to the US. Wiethe is responsible for the collection and transfer of data to Instagram. Based on this data, Instagram provides us with services to improve the impact of our public image. Instagram has sole responsibility for the storage and further use of the data. This division of tasks results in joint responsibility in accordance with Article 26 GDPR.

9.d) Possibility of objection and removal

You can prevent cookies from being set on your browser/device. But it could be that some convenient functionalities will then no longer work. The integration of Instagram can be disabled at any time in our privacy settings.

To stop cookies from being set, you can prevent cookies from being saved by changing the appropriate setting in your browser software; we point out, however, that this may mean that you will not be able to use the full functionality of this website. These cookies are placed on the Instagram website.

III. Rights of the data subject

You have the following rights with regard to the personal data transmitted to us via our website.

If personal data relating to the user are processed on our website, then the person concerned (the data subject) has the following rights vis-à-vis the controller according to the GDPR.

1. Right of access under Article 15 GDPR

You have the right to the following information:
a) the reason for processing
b) the type of data processed
c) in the event of the disclosure of your data: the recipients
d) the storage period
e) information about your rights to rectification and erasure, and the restriction of and objection to data processing
f) the right to lodge a complaint with a data protection authority
g) if we have data relating to you that you did not transmit to us yourself: the origin of the data
h) about the application of automated decision-making and details about it
i) if data is disclosed outside the validity of the General Data Protection Regulation: about guarantees that afford appropriate protection

If you wish to have more than one copy of the information, we may invoice you for this.

The data subject has the right to the following information:

a) the purposes of the processing;
b) the categories of personal data concerned;
c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data relating to the data subject or to object to such processing;
f) the right to lodge a complaint with a supervisory authority;
g) where the personal data are not collected from the data subject, any available information as to their source;
h) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
i) where personal data are transferred to a third country or to an international organisation, the data subject will have the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

We will provide the data subject with a copy of the personal data undergoing processing. For any further copies requested by the data subject, the controller may charge a reasonable fee based on administrative costs.

2. Right to rectification under Article 16 GDPR

If the data we have relating to you are incorrect, we will be happy to rectify them.

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data relating to him or her. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

3. Right to erasure under Article 17 GDPR

You have the right to have your data deleted.

The data subject has the right to obtain from the controller the erasure of personal data relating to him or her without undue delay and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
b) the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal basis for the processing;
c) the data subject objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) GDPR;
d) the personal data have been unlawfully processed;
e) the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
f) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

4. Right to restriction of processing under Article 18 GDPR

If you wish, we shall ensure that we no longer process your data. Several grounds for when this is possible are listed under “Details +”.

The data subject has the right to obtain from the controller restriction of processing where one of the following applies:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data,
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims, or
d) the data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

5. Right to information under Article 19 GDPR

If your data are corrected or erased, or if their processing is restricted, we will notify all other organisations to which we have transmitted your data in the past. If you wish, we will of course also notify you of this.

If the data subject has exercised his or her right to rectification or erasure of personal data or restriction of processing carried out in accordance with Article 16, Article 17(1) and Article 18 GDPR against the controller with regard to personal data relating to him or her, and if the controller has communicated to each recipient to whom the personal data have been disclosed the data subject’s request (unless this proved impossible or involved disproportionate effort), then the data subject has the right to be informed about those recipients.

6. Right to data portability under Article 20 GDPR

As a general rule, we will hand out to you the data we have relating to you. This applies to data where you have voluntarily agreed that they can be processed, or that we have received within a contract. In addition, this is only possible if the data can be processed by us automatically. You will receive the data from us in digital form. On request, we will also transmit these data to someone else.

The data subject has the right to receive the personal data relating to him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where

a) the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) GDPR; and
b) the processing is carried out by automated means.
The rights and freedoms of others may not be adversely affected as a result.
In exercising the right to data portability pursuant to paragraph 1, the data subject has the right to have the personal data transmitted directly from us to another controller, where technically feasible.
The exercise of the right to data portability is without prejudice to the right to erasure under Article 17 GDPR. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to object under Article 21 GDPR

You can object at any time to data processing to which you have voluntarily agreed. We will then no longer process your data from the time of your objection.

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data relating to him or her which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions.

We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the data subject has the right to object at any time to processing of personal data relating to him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the data subject objects to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
Any consent granted by the data subject may be withdrawn by him or her at any time. Any collection and processing undertaken until such time remains, however, lawful.

8. Automated individual decision-making, including profiling, under Article 22 GDPR

We shall not make decisions concerning you based exclusively on automated means. People will also always be involved in decision-making processes. (Exceptions are legally possible.)

The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.
This does not apply if the decision

a) is necessary for entering into, or performance of, a contract between the data subject and us,
b) is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
c) is based on the data subject’s explicit consent.
Such decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless point (a) or (g) of Article 9(2) GDPR applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.

In the cases referred to under points (a) and (c), we will implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on our part, to express his or her point of view and to contest the decision.

9. Right to lodge a complaint with a supervisory authority under Article 77 GDPR

You have the right to complain to a supervisory authority (e.g. to Lower Saxony State Data Protection) if you believe that we do not adhere to these data protection regulations.

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation. The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR. The supervisory authority responsible for us is the State Commissioner for Data Protection of Lower Saxony (https://lfd.niedersachsen.de/startseite/).

10. Right to an effective judicial remedy under Article 79 GDPR

You can, of course, lodge a complaint at any time if you believe that we have breached data protection legislation.

Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR, each data subject has the right to an effective judicial remedy where he or she considers that his or her rights under this Regulation have been infringed as a result of the processing of his or her personal data in non-compliance with this Regulation.
Proceedings against us or a processor will be brought before the courts of the Member State where we or the processor have an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the data subject has his or her habitual residence, unless we or the processor is a public authority of a Member State acting in the exercise of its public powers.

Note: Uploaded files must not be larger than 8MB

Note: Uploaded files must not be larger than 8MB

Thank you

for your interest and your application.
We will contact you as soon as possible.

Best regards
Your Wiethe Team

Consent Management Platform by Real Cookie Banner