A. Privacy Policy for the website water-id.com
I. General Information
We take the protection of personal data very seriously. We treat personal data confidentially and in accordance with the statutory data protection regulations as well as on the basis of this privacy policy. The legal bases can be found in particular in the General Data Protection Regulation (GDPR) as well as supplementarily in the Federal Data Protection Act (BDSG) and the Telecommunications Digital Services Data Protection Act (TDDDG).
When you use our website, various personal data are processed depending on the type and scope of use. Personal data are information that relates to an identified or identifiable natural person (hereinafter referred to as the “data subject”); a natural person is considered identifiable if they can be identified directly or indirectly (e.g. by assignment to an online identifier). This includes information such as name, address, telephone number, and date of birth.
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we may not be able to provide you with our website without restrictions or respond to your inquiries. Personal data that we do not absolutely require for the processing purposes mentioned above are marked accordingly as voluntary information.
This privacy policy informs you in accordance with Art. 12 et seq. GDPR about the handling of your personal data when using our website. It explains in particular which data we collect, how we do so, and for what purposes we require the data.
II. Controller
The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. name, email address, etc.). The controller within the meaning of the GDPR and the applicable national data protection laws (in particular BDSG) as well as other data protection regulations is:
Water-i.d. GmbH
Daimlerstr. 20
76344 Eggenstein
Germany
T: +49 (0) 721 - 78 20 29 – 0
E: info@water-id.com
III. Data Protection Officer
Robin Rastetter
Water-i.d. GmbH
Daimlerstraße 20, 76344 Eggenstein
robin.rastetter@water-id.com
0721/782029-17
IV. Data Collection on Our Website
1. Access and Visit to the Website (Server Log Files)
For the purpose of technically providing the website, it is necessary that we process certain information automatically transmitted by your device. This information is collected each time our website is accessed and stored in so-called server log files. This includes:
- IP address of the requesting device
- Date and time of access
- Access status
- Amount of data transferred in bytes
- Browser type, operating system, interface, browser language, version of the browser software
- Referrer URL
- Content of the request or indication of the retrieved file that was transmitted to the user
The collected personal data are stored for a maximum of 14 days.
Insofar as you use our website to inform yourself about our products and services or to use them, the legal basis for the temporary storage and processing of access data is Art. 6 para. 1 sentence 1 lit. b GDPR, § 25 para. 2 no. 2 TDDDG, which permits the processing of data for the fulfillment of a contract or the implementation of pre-contractual measures. In addition, Art. 6 para. 1 sentence 1 lit. f GDPR, § 25 para. 2 no. 2 TDDDG serve as the legal basis. Our legitimate interest lies in providing you with a technically functioning and user-friendly website and ensuring the security of our systems.
For this purpose, we work together with an external service provider. We store our hosting data on a root server with the responsible service provider:
netcup GmbH
Emmy-Noether-Straße 10
76131 Karlsruhe, GERMANY
We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with netcup GmbH. The privacy notices of netcup GmbH can be found at https://www.netcup.com/de/kontakt/datenschutzerklaerung.
2. Cookies
a) General
We use so-called “cookies” on our website. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our offer more user-friendly, effective, and secure and to enable the provision of certain functions. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a characteristic string that enables the unique identification of your browser when the website is accessed again.
We use the following cookies:
- Session cookies
- Temporary cookies (e.g. cookies for analysis purposes, plugins, etc.)
Cookies are automatically accepted by most browsers. Cookies can be deleted individually or completely in the respective browser. If you completely disable cookies in your browser settings, this may result in not all functions of our website being available to you.
b) Session Cookies
We use session cookies to determine that you have visited our website and individual pages. Session cookies store a session ID and do not provide any indication of your identification. The information is deleted as soon as you close your browser. Session cookies serve a technically functioning website and enable a user-friendly website. Session cookies store a “session ID” and an “XRSF token” in order to be able to assign requests to an active session and to protect against cross-site attacks.
c) Temporary Cookies
Some of the cookies that we use on our website come from third parties who help us analyze the impact of our website content and the interests of our visitors, measure the performance of our website, or place targeted advertising and other content on our or other websites.
d) Legal Basis
Cookie-based data processing is carried out primarily on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, § 25 para. 1 TDDDG. In addition, Art. 6 para. 1 sentence 1 lit. c GDPR, § 25 para. 2 no. 2 TDDDG and Art. 6 para. 1 sentence 1 lit. f GDPR, § 25 para. 2 no. 2 TDDDG serve as the legal basis. Our legitimate interest lies in providing you with a technically functioning and user-friendly website and ensuring the security of our systems.
3. Contact
If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our services or other offerings, the data and information you provide will be processed for the purpose of processing and responding to your inquiry in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR (contract performance). Otherwise, data processing is carried out to safeguard our legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR for the proper handling of customer and contact inquiries. If you have given us your consent, data processing is based on Art. 6 para. 1 lit. a GDPR.
a) Contact Form
If you send us inquiries via the contact form, your message including the contact data you provide there will be stored by us for the purpose of processing and responding to the inquiry and in case of follow-up questions, and processed accordingly. We do not pass this data on to third parties unless this is necessary for processing and responding to your inquiry or you have given us your corresponding consent.
To process and respond to your inquiry, we generally process the following personal data from you:
- Email address
- First and last name
- If applicable, proactively provided personal data (message field)
b) Contact by Telephone and Email
If you send us inquiries by email, telephone, or fax, your message including the personal data you provide (name, email address, telephone number, fax number, etc.) will be stored by us for the purpose of processing and responding to the inquiry and in case of follow-up questions, and processed accordingly. We do not pass this data on to third parties unless this is necessary for processing and responding to your inquiry or you have given us your corresponding consent.
c) Email Dispatch
We use Microsoft Graph API for sending emails, a service provided by
Microsoft Ireland Operations Ltd.
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18, IRELAND.
We have concluded a data processing agreement pursuant to Art. 28 para. 3 GDPR with Microsoft Ireland Operations Ltd. You can view this at https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?year=2021.
4. Plugins
a) Session Cookies
We use session cookies. These store a session ID and an XRSF token in order to be able to assign requests to the active session and to protect against cross-site attacks.
The legal basis for processing is Art. 6 para. 1 sentence 1 lit. f GDPR, § 25 para. 2 no. 2 TDDDG. Our legitimate interest lies in providing you with a technically functioning and user-friendly website and ensuring the security of our systems.
b) YouTube
We use plugins of the social media service “YouTube” provided by the data protection–responsible provider
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, IRELAND.
On our website, you will find videos in various places that you can watch using YouTube. When using YouTube, we use the so-called “no-cookie function”, meaning that the extended data protection mode is activated. YouTube videos are not accessed via youtube.com, but via youtube-nocookie.com. As a result, no cookies are stored on your device.
When you click the play button of an embedded video, a direct connection is established between your browser and the Google server via the plugin. Google thereby receives the information that you have visited our website with your IP address. If you are logged into your YouTube user account at the same time, you enable Google to associate your browsing behavior directly with your personal profile. If you do not wish this, please log out of your YouTube user account before visiting our website.
In addition, you can access our official YouTube video channel via the YouTube logo.
Further information can be found in Google’s privacy policy at: https://policies.google.com/privacy.
We do not receive any knowledge of the content of the data that may be transmitted to Google or its use by Google.
Data processing is carried out on the basis of your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG).
c) X Plugin
We use plugins of the microblogging service “X” (formerly “Twitter”) provided by the data protection–responsible provider
X International Unlimited Company
One Cumberland Place, Fenian Street
Dublin 2, IRELAND.
You can recognize the X plugins by the X logo and the “tweet” button on our site. When you click the X logo on our website, a direct connection is established between your browser and the X server via the plugin and you are redirected to our subpage there. X thereby receives the information that you have visited our website with your IP address.
If you click the “X” button while logged into your X account, you can link the content of our website with this account. This also enables X to associate the visit to our website with your account. If you do not wish this, please log out of your X account before visiting our website.
Further information can be found in X’s privacy policy at: https://x.com/de/privacy.
We do not receive any knowledge of the content of the data that may be transmitted to X or its use by X.
The processing of personal data is carried out on the basis of your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG).
d) Instagram Plugin
We use a plugin of the social media service “Instagram” provided by the data protection–responsible provider
Meta Platforms Ireland Limited
4 Grand Canal Square
Dublin 2, IRELAND.
You can recognize the Instagram plugin by the Instagram logo on our website.
When you click it, a direct connection is established between your browser and the Instagram server via the plugin and you are redirected to our subpage there. Meta thereby receives the information that you have visited our website with your IP address.
Further information can be found in the privacy policy at: https://privacycenter.instagram.com/policy.
We do not receive any knowledge of the content of the data that may be transmitted to Meta or its use by Meta.
The processing of personal data is carried out on the basis of your consent (Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TDDDG).
V. Data Transfer to Third Countries
We generally process your personal data in a member state of the European Union or another contracting state of the Agreement on the European Economic Area (Decision 94/1/EC). If data are transferred to service providers based outside the EU or the EEA, there is an adequacy decision pursuant to Art. 45 GDPR for the relevant countries (currently: USA), which ensures a level of data protection in line with the GDPR and permits data transfer without special authorization. Unless otherwise stated, service providers based in the USA are certified under the applicable EU-US Data Privacy Framework.
Further data processing by external service providers is beyond our control. Your data may be processed in third countries that do not guarantee the same level of data protection as within the EU. Details can be found in the respective privacy policies of the service provider, which we have linked accordingly.
VI. Duration of Data Storage
We process and store your personal data only for as long as the respective purpose of use requires appropriate storage. This may also include the periods of initiation and execution of a contract. If you have given us your consent for a specific data processing operation, we store the data in question as long as the consent remains valid. Unless otherwise stated, you can find details about the duration of storage of your personal data with third-party providers in the privacy policy of the data protection–responsible service provider. These are linked at the appropriate places.
Once the purpose of use has ceased or you have withdrawn your consent, we will delete your personal data immediately, unless statutory retention obligations require longer storage.
VII. Your Rights as a Data Subject
As a data subject (Art. 4 no. 1 GDPR), you are entitled to the following rights with regard to your personal data under the statutory conditions:
1. Right of Access
You are entitled at any time within the scope of Art. 15 GDPR to request confirmation from us as to whether personal data concerning you are being processed. If this is the case, you are also entitled within the scope of Art. 15 GDPR to obtain information about these personal data as well as certain further information (including processing purposes, categories of personal data, categories of recipients, planned storage duration, origin of the data, use of automated decision-making, and, in the case of transfers to third countries, suitable safeguards) and a copy of your data. The restrictions of § 34 BDSG apply.
2. Right to Rectification
You are entitled pursuant to Art. 16 GDPR to request that we correct personal data concerning you that are incorrect or inaccurate.
3. Right to Erasure
You are entitled under the conditions of Art. 17 GDPR to request that we delete personal data concerning you without undue delay. The right to erasure does not exist, among other things, if the processing of personal data is necessary, for example, to fulfill a legal obligation (e.g. statutory retention obligations) or to assert, exercise, or defend legal claims. In addition, the restrictions of § 35 BDSG apply.
4. Right to Restriction of Processing
You are entitled under the conditions of Art. 18 GDPR to request that we restrict the processing of your personal data.
5. Right to Data Portability
You are entitled under the conditions of Art. 20 GDPR to request that we provide you with the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format.
6. Right to Withdraw Consent
You may withdraw any consent you have given to the processing of personal data at any time. Please note that the withdrawal only takes effect for the future. Processing that took place before the withdrawal is not affected.
To declare the withdrawal, an informal notification is sufficient, e.g. by email to robin.rastetter@water-id.com.
7. Right to Object to Data Processing Based on Legitimate Interests
You are entitled under the conditions of Art. 21 GDPR to object at any time to the processing of your data that is based on Art. 6 para. 1 sentence 1 lit. f GDPR (data processing on the basis of a balancing of interests) if there are reasons arising from your particular situation.
If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the assertion, exercise, or defense of legal claims.
To declare the objection, an informal notification is sufficient, e.g. by email to robin.rastetter@water-id.com .
8. Right to Lodge a Complaint with a Supervisory Authority
Under the conditions of Art. 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. In particular, you may lodge a complaint with the supervisory authority responsible for us, the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Tel. 0711/6155410, Email: poststelle@lfdi.bwl.de.
9. Other Concerns
For further data protection questions and concerns, our data protection officer is available to you. Corresponding inquiries and the exercise of your above rights should preferably be sent by email to robin.rastetter@water-id.com .