Data Protection

Richard Wenzel GmbH & Co.KG

Benzstraße 5, 63741 Aschaffenburg

T +49 (0) 6021.34 69 – 0

F +49 (0) 6021.34 69 – 88

info@wenzel-kerzen.de

Managing Directors

Andreas Jaksch & Peter Jaksch

Legal Form

GmbH & Co.KG

Chambers of Commerce

IHK Aschaffenburg, Kerzeninnung, HWK Unterfranken

VAT ID

DE 132 068 242

Type of Register

Handelsregister

Register / Location

Amtsgericht Aschaffenburg

Register Number

HRA 2374

 

Data Protection Officer

We have appointed a data protection officer for our company:

Dipl. Ing. K. Skodras

E-Mail: datenschutz@wenzel-kerzen.de

 

Last updated: May 3, 2021

1. Basic Information on Data Processing and Legal Basis
   1. This privacy policy informs you about the nature, scope, and purpose of the processing of personal data within our online services and the associated websites, functions, and content (hereinafter collectively referred to as "online services" or "website"). This privacy policy applies regardless of the domains, systems, platforms, and devices (e.g., desktop or mobile) used to access the online services.
   2. For definitions of terms used, such as "personal data" or "processing," please refer to Article 4 of the General Data Protection Regulation (GDPR).
   3. The personal data of users processed within the scope of this online service includes master data (e.g., names and addresses of customers), contract data (e.g., services used, names of account managers, payment information), usage data (e.g., the web pages of our online service visited, interest in our products), and content data (e.g., entries in the contact form).
   4. The term "user" encompasses all categories of data subjects. These include our business partners, customers, prospective customers, and other visitors to our online service. The terminology used, such as "user," is to be understood as gender-neutral
   5. We process users' personal data only in compliance with the applicable data protection regulations. This means that user data is processed only if there is a legal basis for doing so. This means that, in particular, data processing is necessary for the provision of our contractual services (e.g., order processing) and online services, or is legally required, user consent has been obtained, as well as based on our legitimate interests (i.e., our interest in the analysis, optimization, and economic operation and security of our online services within the meaning of Art. 6 Para. 1 lit. f GDPR), especially for audience measurement, the creation of profiles for advertising and marketing purposes, the collection of access data, and the use of third-party services.
   6. We would like to point out that the legal basis for consent is Art. 6 Para. 1 lit. a and Art. 7 GDPR, the legal basis for processing to fulfill our services and implement contractual measures is Art. 6 Para. 1 lit. b GDPR, the legal basis for processing to fulfill our legal obligations is Art. 6 Para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 Para. 1 lit. f GDPR.
2. Security measures
   1. We take Organizational, contractual, and technical security measures in accordance with the state of the art to ensure compliance with data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction, or access by unauthorized persons.
   2. These security measures include, in particular, the encrypted transmission of data between your browser and our server.
3. Disclosure of data to third parties and third-party providers
   1. Data is only disclosed to third parties within the framework of legal requirements. We only disclose user data to third parties if this is necessary, for example, for contractual purposes based on Article 6(1)(b) GDPR or based on legitimate interests pursuant to Article 6(1)(f) GDPR in the efficient and effective operation of our business.
   2. If we use subcontractors to provide our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of personal data in accordance with the relevant legal regulations.
   3. If, within the scope of this privacy policy, content, tools, or other resources from other providers (hereinafter collectively referred to as "third-party providers") are used and their registered office is located in a third country, it must be assumed that a data transfer to the countries where these third-party providers are based takes place. Third countries are understood to be countries where the GDPR does not apply.
4. Provision of Contractual Services
   1. We process inventory data (e.g., names, addresses, and contact details of users) and contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and providing services in accordance with Art. 6 Para. 1 lit. b GDPR.
   2. Users can optionally create a user account, which allows them, in particular, to view their orders. During registration, users are informed of the required mandatory information. User accounts are not public and cannot be indexed by search engines. If users terminate their user account, their data relating to the user account will be deleted, unless its retention is necessary for commercial or tax law reasons in accordance with Art. 6 Para. 1 lit. c GDPR. It is the users' responsibility to back up their data before the end of the contract if they have terminated their account. We are entitled to irretrievably delete all user data stored during the contract period.
   3. As part of the registration and subsequent login processes, as well as the use of our online services, we store the IP address and the time of each user action. This storage is based on our legitimate interests, as well as the user's interest in protection against misuse and other unauthorized use. This data is generally not shared with third parties, unless it is necessary for pursuing our claims or there is a legal obligation to do so pursuant to Art. 6 para. 1 lit. c GDPR.
   4. We process usage data (e.g., the websites of our online service visited, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order to, for example, show the user product recommendations based on their previously used services.
5. Contacting Us
   1. When you contact us (via contact form or email), the information you provide will be processed in accordance with Art. 6 para. 1 lit. b) GDPR for the purpose of processing and handling your inquiry.
   2. User data may be stored in our Customer Relationship Management system (“CRM system”) or a comparable system for managing inquiries.
6. Comments and Posts
   1. When users leave comments or other posts, their IP addresses are stored for 7 days based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.
   2. This is for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In such cases, we ourselves could be held liable for the comment or post and are therefore interested in the author's identity.
7. Collection of Access Data and Log Files
   1. Based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, we collect data about every access to the server on which this service is located (so-called server log files). Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
   2. Log file information is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident is fully resolved.
8. Cookies & Audience Measurement
   1. Cookies are pieces of information that are transferred from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Cookies can be small files or other types of information storage.
   2. We use session cookies, which are only stored for the duration of your current visit to our website (e.g., to save your login status or shopping cart contents, thus enabling you to use our online services). A session cookie contains a randomly generated, unique identification number, a so-called session ID. It also contains information about its origin and storage duration. These cookies cannot store any other data. Session cookies are deleted when you end your use of our online services, for example, by logging out or closing your browser.
   3. Users are informed about the use of cookies for pseudonymous audience measurement in this privacy policy.
   4. If users do not wish to have cookies stored on their computer, they are asked to disable the corresponding option in their system settings. Der Ausschluss von Cookies kann zu Funktionseinschränkungen dieses Onlineangebotes führen. Disabling cookies may limit the functionality of this website.
   5. You can opt out of the use of cookies for audience measurement and advertising purposes via the Network Advertising Initiative's opt-out page (http://optout.networkadvertising.org/) and additionally via the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/). Please note the following requirements when using Google Analytics: IP anonymization must be enabled (support.google.com/analytics/answer/2905384; 2.) and the "Data Processing Amendment" must be accepted in the Google Analytics administration area. ​support.google.com/analytics/answer/2905384; 2.) und es muss der „Zusatz zur Datenverarbeitung“ im Verwaltungsbereich von Google Analytics akzeptiert werden.
9. Google Analytics
   1. Based on our legitimate interests (i.e., our interest in the analysis, optimization, and economic operation of our website within the meaning of Art. 6 Para. 1 lit. f GDPR), we use Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google uses cookies. The information generated by the cookie about your use of this website is generally transmitted to and stored on a Google server in the USA.
   2. Google is certified under the Privacy Shield Framework and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). 
   3. Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activity, and to provide us with other services relating to website activity and internet usage. Pseudonymous user profiles may be created from the processed data.
   4.  Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activity, and to provide us with other services relating to website activity and internet usage. We use Google Analytics to display ads served through Google's and its partners' advertising services only to users who have shown an interest in our online offerings or who exhibit certain characteristics (e.g., interests in specific topics or products, determined based on the websites they visit) that we transmit to Google (so-called "remarketing" or "Google Analytics Audiences"). With the help of remarketing audiences, we also want to ensure that our ads correspond to users' potential interests and are not perceived as intrusive.
   5. We only use Google Analytics with IP anonymization enabled. This means that Google shortens the IP address of users within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
   6. The IP address transmitted by the user's browser is not merged with other Google data. Users can prevent the storage of cookies by adjusting their browser settings accordingly. Users can also prevent Google from collecting and processing data generated by the cookie and related to their use of the online service by downloading and installing the browser plugin available at the following link: tools.google.com/dlpage/gaoptout;tools.google.com/dlpage/gaoptout;
   7. Further information on Google's data usage, settings, and opt-out options can be found on Google's websites: www.google.com/intl/de/policies/privacy/partners ("How Google uses data when you use our partners' sites or apps"), www.google.com/policies/technologies/ads ("How Google uses data for advertising"), www.google.de/settings/ads ("Manage the information Google uses to show you ads").​www.google.com/intl/de/policies/privacy/partners www.google.com/policies/technologies/ads www.google.de/settings/ads („Informationen verwalten, die Google verwendet, um Ihnen Werbung einzublenden“).
10. Google-Re/Marketing-Services
    1. Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and operating our online services economically, in accordance with Article 6(1)(f) of the GDPR), we use the marketing and remarketing services (hereinafter referred to as "Google Marketing Services") of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google").
    2. Google is certified under the Privacy Shield Framework and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). 
    3. Google Marketing Services allow us to display advertisements on and for our website in a more targeted manner, so that users only see ads that potentially match their interests. For example, if a user is shown ads for products they have previously viewed on other websites, this is called "remarketing." For these purposes, when our website and other websites where Google marketing services are active are accessed, Google executes a code directly and integrates so-called (re)marketing tags (invisible graphics or code, also known as "web beacons") into the website. These tags store an individual cookie, i.e., a small file, on the user's device (comparable technologies may also be used instead of cookies). The cookies can be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, and googleadservices.com. This file records which websites the user has visited, which content they are interested in, and which offers they have clicked on, as well as technical information about the browser and operating system, referring websites, visit time, and other information about the use of the online service. The IP address of users is also recorded. As part of Google Analytics, we inform you that the IP address is shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area and is only transmitted in full to a Google server in the USA and shortened there in exceptional cases. The IP address is not combined with user data from other Google services. Google may also combine the aforementioned information with information from other sources. When the user subsequently visits other websites, they may be shown ads tailored to their interests.
    4. User data is processed pseudonymously within the framework of Google marketing services. This means that Google does not store or process, for example, the name or email address of users, but rather processes the relevant data on a cookie-related basis within pseudonymous user profiles. In other words, from Google's perspective, the ads are not managed and displayed for a specifically identified person, but for the cookie holder, regardless of who that cookie holder is. This does not apply if a user has explicitly permitted Google to process the data without this pseudonymization. The information collected about users by Google marketing services is transmitted to Google and stored on Google's servers in the USA.
    5. Among the Google marketing services we use is the online advertising program "Google AdWords." In the case of Google AdWords, each AdWords customer receives a different "conversion cookie." Therefore, cookies cannot be tracked across the websites of different AdWords customers. The information obtained with the help of the cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can personally identify users.
    6. We may integrate third-party advertisements based on the Google marketing service "DoubleClick." DoubleClick uses cookies that enable Google and its partner websites to display ads based on users' visits to this website and other websites on the internet.
    7. We may integrate third-party advertisements based on the Google marketing service "AdSense." AdSense uses cookies that enable Google and its partner websites to display ads based on users' visits to this website and other websites on the internet.
    8. We may also use the "Google Optimizer" service. Google Optimizer allows us to track the effects of various website changes (e.g., changes to input fields, design, etc.) through so-called "A/B testing." Cookies are stored on users' devices for these testing purposes. Only pseudonymous user data is processed. 
    9. Furthermore, we may use the "Google Tag Manager" to integrate and manage Google's analytics and marketing services on our website.​
    10. For more information on Google's use of data for marketing purposes, please see the overview page: www.google.com/policies/technologies/ads. Google's privacy policy is available at www.google.com/policies/privacy. www.google.com/policies/technologies/ads www.google.com/policies/privacy abrufbar.
    11. Further information on Google's use of data for marketing purposes can be found on the overview page: www.google.com/policies/technologies/ads. Google's privacy policy is available at www.google.com/policies/privacy. If you wish to object to interest-based advertising by Google marketing services, you can use the settings and opt-out options provided by Google: www.google.com/ads/preferences www.google.com/ads/preferences
11. Integration of third-party services and content
    1. Based on our legitimate interests (i.e., our interest in the analysis, optimization, and economic operation of our online services within the meaning of Art. 6 Para. 1 lit. f GDPR), we integrate content or service offerings from third-party providers into our online services to include their content and services, such as videos or fonts (hereinafter referred to collectively as "Content"). This always requires that the third-party providers of this Content are aware of the users' IP addresses, as they could not send the Content to their browsers without the IP address. The IP address is therefore necessary for displaying this Content. We strive to use only Content from providers who use the IP address solely for delivering the Content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. These pixel tags allow for the evaluation of information such as visitor traffic on the pages of this website. The pseudonymized information can also be stored in cookies on the user's device and may include, among other things, technical information about the browser and operating system, referring websites, time of visit, and other details about the use of our online services. This information can also be combined with information from other sources.
    2. The following overview lists third-party providers and their content, along with links to their privacy policies, which contain further information on data processing and, in some cases, the opt-out options already mentioned here:
       • If our customers use third-party payment services (e.g., PayPal or instant bank transfer), the terms and conditions and privacy policies of the respective third-party providers apply. These can be accessed on their respective websites or transaction applications. ​
       • External fonts from Google, Inc., www.google.com/fonts ("Google Fonts"). Google Fonts are integrated by making a server request to Google (usually in the USA). Privacy policy: www.google.com/policies/privacy/, Opt-out: www.google.com/settings/ads  www.google.com/fonts  www.google.com/policies/privacy/, Opt-Out: www.google.com/settings/ads
       • Maps from the "Google Maps" service are provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: www.google.com/policies/privacy/, Opt-out: www.google.com/settings/ads www.google.com/policies/privacy/, Opt-Out: www.google.com/settings/ads
       • Videos from the platform “YouTube” of the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy Policy: www.google.com/policies/privacy/, Opt-out: www.google.com/settings/ads www.google.com/policies/privacy/, Opt-Out: www.google.com/settings/ads
       • Our website integrates features of the Google+ service. These features are provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. If you are logged into your Google+ account, you can link the content of our pages to your Google+ profile by clicking the Google+ button. This allows Google to associate your visit to our pages with your user account. Please note that as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Google+. Privacy policy: www.google.com/policies/privacy/, Opt-out: www.google.com/settings/ads​www.google.com/policies/privacy/, Opt-Out: www.google.com/settings/ads
       • Our website integrates features of the Instagram service. These features are provided by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account, you can link the content of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to associate your visit to our pages with your user account. Please note that as the provider of these pages, we have no knowledge of the content of the transmitted data or its use by Instagram. Privacy policy: instagram.com/about/legal/privacy instagram.com/about/legal/privacy
       • Our website uses features of the LinkedIn network. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time you access one of our pages containing LinkedIn features, a connection to LinkedIn's servers is established. LinkedIn is then informed that you have visited our website with your IP address. If you click the LinkedIn "Recommend" button and are logged into your LinkedIn account, LinkedIn can associate your visit to our website with you and your user account. Please note that as the website provider, we have no knowledge of the content of the transmitted data or its use by LinkedIn. Privacy policy: www.linkedin.com/legal/privacy-policy, Opt-out: www.linkedin.com/psettings/guest-controls/retargeting-opt-out www.linkedin.com/legal/privacy-policy, Opt-Out: www.linkedin.com/psettings/guest-controls/retargeting-opt-out
       • We use social plugins from the social network Pinterest, operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). When you visit a page containing such a plugin, your browser establishes a direct connection to Pinterest's servers. The plugin transmits log data to Pinterest's server in the USA. This log data may include your IP address, the address of the websites you visit that also contain Pinterest features, your browser type and settings, the date and time of your request, your use of Pinterest, and cookies. Privacy policy: about.pinterest.com/de/privacy-policy about.pinterest.com/de/privacy-policy
       • Our website integrates features from the Twitter service. These features are offered by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Retweet" function, the websites you visit are linked to your Twitter account and shared with other users. Data is also transmitted to Twitter in this process. Please note that as the website provider, we have no knowledge of the content of the transmitted data or how Twitter uses it. Twitter's privacy policy can be found at twitter.com/privacy. You can change your privacy settings on Twitter in your account settings at twitter.com/account/settings. twitter.com/privacy twitter.com/account/settings ändern.
       • We use social plugins from the social network Tumblr, operated by Tumblr, Inc., located at 35 East 21st Street, 10E, New York, NY 10010, USA (“Tumblr”). When you visit a page containing such a plugin, your browser establishes a direct connection to Tumblr's servers. The plugin transmits log data to Tumblr's server in the USA. This log data may include your IP address, the address of the websites you visit that also contain Tumblr features, your browser type and settings, the date and time of your request, your use of Tumblr, and cookies. Privacy policy: www.tumblr.com/policy/en/privacy​www.tumblr.com/policy/en/privacy
       • We use features of the XING network. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time you access one of our pages that includes XING features, a connection is established with XING's servers. To our knowledge, no personal data is stored in this process. In particular, no IP addresses are stored, nor is user behavior analyzed. Privacy policy: www.xing.com/app/share www.xing.com/app/share
       • Web analytics and optimization are performed using the Hotjar service, provided by the third-party company Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe. Hotjar allows us to track user movements on websites where it is implemented (so-called heatmaps). This reveals, for example, how far users scroll and which buttons they click and how often. Technical data such as language, operating system, screen resolution, and browser type are also collected. This allows us to create user profiles, at least temporarily, during visits to our website. Furthermore, Hotjar enables us to collect feedback directly from website users. This provides us with valuable information to make our websites even faster and more user-friendly. Privacy policy: www.hotjar.com/privacy. Opt-out: www.hotjar.com/opt-out www.hotjar.com/privacy. Opt-Out: www.hotjar.com/opt-out
       • External code from the JavaScript framework “jQuery”, provided by the third-party jQuery Foundation, jquery.orgjquery.org
12. User Rights
    1. Users have the right to request, free of charge, information about the personal data we have stored about them.
    2. In addition, users have the right to rectification of inaccurate data, restriction of processing, and erasure of their personal data, as applicable, to exercise their right to data portability, and, in the event of suspected unlawful data processing, to lodge a complaint with the competent supervisory authority.
    3. Users may also withdraw their consent, generally with effect for the future.
13. Data Erasure
    1. The data we store is erased as soon as it is no longer required for its intended purpose and there are no legal obligations to retain it. If user data is not erased because it is required for other legally permissible purposes, its processing will be restricted. This means the data will be blocked and not processed for other purposes. This applies, for example, to user data that must be retained for commercial or tax law reasons.
    2. In accordance with legal requirements, data is retained for 6 years pursuant to Section 257 Paragraph 1 of the German Commercial Code (HGB) (commercial books, inventories, opening balance sheets, annual financial statements, commercial correspondence, accounting documents, etc.) and for 10 years pursuant to Section 147 Paragraph 1 of the German Fiscal Code (AO) (books, records, management reports, accounting documents, commercial and business correspondence, documents relevant for taxation, etc.).
14. Right to object
    1. Users may object to the future processing of their personal data at any time in accordance with legal requirements. In particular, objections may be made against processing for direct marketing purposes.
15. Changes to the Privacy Policy
    1. We reserve the right to amend this Privacy Policy to reflect changes in the law or modifications to the service or data processing. This applies only to statements regarding data processing. If user consent is required or if parts of the Privacy Policy govern the contractual relationship with users, changes will only be made with the users' consent.
    2. Users are encouraged to review the Privacy Policy regularly.