Privacy policy

[As at: 22.01.2024]

With this information, the controller (“We”) named in Section 1 informs the user of the website (“You” or “User”) about the collection and processing of personal data in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR). At the same time, we will inform you if we store information in the device you use to access our website or if we access information that is already stored in your device.

For the use of websites of other providers to which reference is made, e.g. via links, the data protection information provided there applies.

A General information

1 Controller and data protection officer

1.1 The data processor responsible for this website is
Martin Reinheimer
proCress IT-Consulting
Moerler Strasse 19
61169 Friedberg, Germany

1.2 You can contact the data protection officer by e-mail at datenschutz@proCress.de or via the address in section 1.1

1.3 Our website is hosted by Checkdomain (www.checkdomain.de), i.e. technically provided on web servers of this web host. The web host is a processor engaged by us in accordance with Art. 28 GDPR.

2 Rights of data subjects

If we collect personal data from you, you have the following rights as the “data subject”:

2.1 Right to information

You can request information in accordance with Art. 15 GDPR about your personal data that we process.

2.2 Right to object

You have the right to object on the special grounds of Art. 21 para. 1 GDPR. We will inform you about this separately from this information under “B”.

2.3 Right to rectification

If the information concerning you is not (or no longer) correct, you can request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.

2.4 Right to erasure

You can request the deletion of your personal data under the conditions of Art. 17 GDPR.

2.5 Right to restriction of processing

You have the right to request the restriction of the processing of your personal data (“blocking”) in the cases set out in Art. 18 GDPR.

2.6 Right to lodge a complaint

If you are of the opinion that the processing of your personal data violates data protection law, you have the right under Art. 77 para. 1 GDPR, you have the right to lodge a complaint with a data protection supervisory authority of your choice.

2.7 Right to data portability

In the event that you provide us with personal data in accordance with Art. 20 para. 1 GDPR, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a structured, common and machine-readable format. The collection of data for the provision of the website and the storage of log files (section 3.1 below) are absolutely necessary for the operation of the website. They are therefore not based on consent pursuant to Art. 6 para. 1 letter a DS-GVO or on a contract pursuant to Art. 6 para. 1 letter b DS-GVO, but are in accordance with Art. 6 para. 1 letter f GDPR is justified. The requirements of Art. 20 para. 1 GDPR are therefore not fulfilled in this respect.

3 Procedure: Provision of the website and creation of log files

3.1 What data is processed for what purpose?

Each time the content of the website is accessed, the web server of our web host, where our website is stored, temporarily collects and stores information (data) from the Internet browser of the accessing computer or end device of the user. This data may make it possible to identify the user and is therefore personal data.

3.1.1 The following data is collected and stored by our web host:

IP address of the user,
Date and time the website was accessed,
the protocol, e.g. HTTP,
the request method “Get” or “Post”,
Content of the request or specification of the retrieved file that was transmitted to the user,
the access status (successful transmission, error, etc.),
the amount of data transferred in bytes,
Incoming and outgoing data traffic (“traffic”),
a process identification number (“process ID”),
The time it takes for the web server to respond to the user’s request,
the website from which the user accessed the website,
the browser used by the user, the operating system, the interface, the language of the browser and the version of the browser software.

3.1.2 The temporary storage of this user data is necessary for the course of a website visit in order to enable delivery of the website. For this purpose, the user’s IP address must necessarily remain stored for the duration of the session (i.e. the website visit).

3.1.3 Further storage of the IP address with the subsequent data from the above-mentioned list beyond this purpose takes place in log files (logs). This is done so that our web host can ensure the functionality of the website and the security of the information technology systems.

3.2 What is the legal basis for processing this data? The data from section 3.1 is stored for the aforementioned temporary storage purpose and also for the further storage purpose in accordance with Art. 6 para. 1 letter f GDPR by our web host. This purpose also constitutes the legitimate interest in data processing. This legitimate interest is the interest of our web host, but also our legitimate interest in a functioning website.

3.3 Are there other recipients of the aforementioned data in addition to the controller? As our processor, our web host has technical access to the data referred to in 3.1.

3.4 How long will the data be stored? The data from 3.1.1 will be deleted as soon as it is no longer required for the purpose for which it was collected. When providing the website, this is the case when the respective session has ended. The log files are stored for a maximum of 7 days, unless a security event requires longer storage.

3.5 Is there an obligation to provide? You must provide the data from 3.1 to our web host. Otherwise you will not be able to use our website technically and our web host cannot guarantee secure technical operation.

4 Data processing procedures

4.1 Data and information processing requiring consent

Insofar as we may only collect and process personal data with your consent, we provide information on this in our consent banner in the context of the consent dialog.

4.2 Use of e-mail address and contact form data based on legitimate interests

4.2.1 What data is processed for what purpose?

Insofar as we provide you with an e-mail address and a contact form with input fields, this serves the purpose of enabling you to contact us. If you send us personal data, we will store it and process it for the purpose of contacting you.

4.2.2 What is the legal basis for processing this data?

The data from section 4.2.1 is processed on the basis of Art. 6 para. 1 letter f GDPR (legitimate interest of us as the controller). If your request is aimed at the conclusion of a contract, Art. 6 para. 1 letter b GDPR provides an additional legal basis (initiation, conclusion and performance of a contract).

4.2.3 Are there other recipients of the aforementioned data in addition to the controller?

As our processor, our web host has technical access to the data referred to in 4.2.1.

4.2.4 How long will the data be stored?

The data from 4.2.1 will be deleted as soon as it is no longer required for the purpose for which it was collected. For personal data sent to us by email or via the contact form, this is the case when the respective correspondence with the user has ended and storage is not required for other reasons. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

4.2.5 Is there an obligation to provide?

You are not obliged to provide us with data from 4.2.1. You do not have to communicate with us.

4.3 Use of the session cookie “wbk_sid” due to legitimate interests

4.3.1 What data is processed for what purpose?

As soon as you use the login form or the contact form, the session cookie “wbk_sid” is stored on your device by default. This cookie contains a long combination of numbers and letters (“ID”). The purpose of the cookie is that the user can be recognized as such and distinguished from abusive users (e.g. SPAM bots) when login data or contact information is called up.

4.3.2 What is the legal basis for processing this data?

The information in this cookie does represent personal data. However, the use of the “wbk_sid” cookie does not require consent under data protection law because the data processing is necessary to safeguard the legitimate interests of the website operator and because the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not prevail. The legal basis for data processing is therefore Art. 6 para. 1 sentence 1 letter f GDPR.

4.3.3 Are there other recipients of the aforementioned data in addition to the controller?

As our processor, our web host has technical access to the data referred to in 4.3.1.

4.3.4 How long will the data be stored?

If the user closes the browser, the cookie is automatically deleted from the user’s operating system. It is therefore only valid for the duration of your visit to the website (session cookie).

4.3.5 Is there an obligation to provide?

You are obliged to provide us with data from 4.3.1. Otherwise you will not be able to use the login form or the contact form.

4.3.6 Consent to the use of cookies?

Your consent to the storage of information about the “wbk_sid” cookie in your terminal equipment or our access to this information stored in your terminal equipment is dispensable because storage and/or access are absolutely necessary so that you can use the login form or the contact form (Section 25 (2) No. 2 TTDSG).

5 Processing of information from your end devices

5.1 If we wish to store information in the terminal equipment that you use when visiting our websites and/or access information that is already stored in your terminal equipment, we will ask you for your consent on the basis of clear and comprehensive information. This is done via a consent banner (consent banner) set up by us. We obtain the necessary consent before we access your data. You can revoke your consent at any time. However, your consent is not required for certain purposes specified in the law, so we do not ask for it in these cases. On the one hand, consent is not required if the sole purpose of storing information in the end user’s terminal equipment or the sole purpose of accessing information already stored in the end user’s terminal equipment is to carry out the transmission of a communication via a public telecommunications network. On the other hand, consent to the use of your terminal equipment is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary so that we, as the provider of a telemedia service, can provide a telemedia service expressly requested by the user.

5.2 Such access to end devices is possible via certain technologies. The best-known technology concerns cookies. Cookies are objects that can be stored in the Internet browser or by the Internet browser on the user’s end device. When a user accesses a website, the server of the website operator or a third party can read the cookie stored there via the user’s operating system and consequently the information stored therein. A cookie can, but does not have to, contain a characteristic string of characters that enables the user’s browser to be uniquely identified when the website is called up again.

5.3 Removal option: The user can prevent or restrict the installation of cookies by setting their browser accordingly. Cookies that have already been saved can also be deleted by the user at any time via their browser. The settings for this depend on the respective browser. However, if the user prevents or restricts the installation of cookies, this may mean that not all functions of the website can be used to their full extent. What applies to cookies also applies to other technologies that make use of the user’s end device.

5.4 Cookies and similar technologies requiring consent: Our consent banner on the website provides information on cookies and similar technologies that require consent.

5.5 Cookies and similar technologies that do not require consent: With regard to cookies and similar technologies that do not require consent, we have documented internally that consent pursuant to Section 25 para. 2 TTDSG is not required.

6 Consent banner

6.1 In order to be able to obtain your legally required consent for certain services or functions or to observe your revocation in this regard, a consent banner will be displayed (consent banner). Your consent or non-consent concerns our use of your end device (computer, laptop, smartphone, tablet) through cookies or similar technologies, with which information can be stored on or read from your end device. Your consent may also be required for the processing of personal data by us or third parties in accordance with Art. 6 para. 1 sentence 1 letter a GDPR that is associated with your use of our websites. In certain cases, the law allows us to use your terminal device without your consent and/or the subsequent processing of your personal data without your consent.

6.2 We use the consent banner to inform you about all services or functions that require your consent before we use the service or function. The consent banner consists of an overview of all processing operations requiring consent and describes the details in each case so that you as a user can assess the meaning and scope of your consent. You can approve each process via a button/click button by activating it or reject it by deactivating it. There are three possible decisions:

– Selecting “Make selection and save” means that the user’s decision is saved in the same way as it was made by selecting it via the buttons/click button. All services and functions that require consent and to which the user agrees are active and can be used. The services and functions that cannot be used without consent are not integrated on the website.

– If you select “Reject all and save”, this decision will not be saved. The user’s decision is therefore that they do not consent to anything that requires their consent and means that all services and functions that require consent will not work for this user. The banner is hidden.

– Selecting “Accept and save all” means that all services and functions requiring consent are “enabled”. This means that you have given your consent in accordance with the GDPR and also agree to the use of terminal equipment. The banner is then hidden.

In the course of his further use of the websites, the user can actively cause the consent banner to appear by revoking a given consent or by obtaining consent that was not initially required. To do this, click on the “Consent settings” link. The consent banner appears again.

Your consent can therefore be revoked at any time with effect for the future. A later revocation no longer affects the legality of the access or the storage of information up to the time of revocation.

6.3 All three decisions made by the user (“Make and save selection”, “Reject all and save” or “Accept all and save”) are saved via the browser of the user’s end device in the so-called “local storage” on the user’s end device. Storage there is permanent. The information is stored in the “wbkConsent” object. This technology is not a cookie in the true sense of the word. The information in the “wbkConsent” also has no personal reference, i.e. the user is not recognized when he or she visits the WBK user’s website again. The selection decision for consent is not stored on our server. This use of the user’s terminal device does not require consent in accordance with Section 25 para. 2 No. 2 TTDSG (user request).

7 Technical measures

7.1 SSL/TSL

For security reasons and to protect the transmission of confidential content, for example by means of requests that you send to us as the site operator, our websites are protected by an active SSL or SSL-encrypted connection. TLS encryption. An encrypted connection can be recognized by the fact that the address line of the browser changes from “http://” to “https://” and a lock symbol appears in the browser line. As a result of this encryption, data that you transmit to us cannot be read by third parties.

7.2 End-to-end communication

If you contact us using an e-mail address provided on our website, the content of the e-mail sent to us is not end-to-end encrypted. This means that the e-mails are usually encrypted in transit via the e-mail providers involved, but are not encrypted on the servers there. Contacting us via the contact form provided is therefore technically secure communication.

7.3 Video integration

If you can watch videos on our websites that are marked as external links to third-party websites, this is done exclusively via the technology of linking to the respective linked website or to a video portal of a third-party provider. These videos are stored there under the data protection responsibility of the respective third-party provider. The respective linked website or video portal is therefore not directly embedded in our website. This ensures that the user’s information is not transmitted to the portal as soon as the website on which the video is integrated is loaded. It is also guaranteed that cookies or similar technologies for tracking user activities of the portals or the advertising partners of these portals cannot be placed on your end device via the mere link. Only after you consciously click on the video preview image will a connection to the third-party provider’s portal be established and the associated data processing triggered. However, this and the possible data processing of your user data on the linked portal will only take place if you wish to view the video there. The data processing triggered by this is beyond our control and is the responsibility of these third-party providers, who provide more or less detailed information about their data processing. If you do not agree to the data processing by the third-party provider, please do not click on the video preview image.
B Special information

Special right to object pursuant to Art. 21 para. 1 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6 (1) GDPR. 1 letter f GDPR (processing for the purposes of the legitimate interests pursued by us or by a third party), objection pursuant to Art. 21 para. 1 DS-GVO to object. You can send your objection to the address in section 1.1.

We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

If you object, you must explain to us in detail any interests you may have (your “particular situation”) so that we can weigh up your interests again. If our interests in further storage do not prevail, the personal data stored in the course of establishing contact will be deleted. If these still prevail, we will continue to process the data.