Name and address of the controller responsible for processing
Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions of a data protection nature:
Roman Wagner Verwaltungs + Marketing GmbH
D-54338 Schweich, Germany
Responsible for data protection:
Data Protection Officer
Objection to advertising e-mails
We hereby object to the use of contact data published within the scope of the statutory legal notice to send unsolicited advertising and information material. The operators of the website expressly reserve the right to take legal action against unsolicited mailing of advertising materials, e.g. by means of spam e-mails.
We are pleased that you are visiting our website. Data protection enjoys an extremely high priority for us. It is generally possible to use our Internet services without providing any personal data. To the extent that special services are to be accessed via our website, it could be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.
The processing of personal data, e.g. of the name, address, e-mail address or phone number of the subject, always occurs in accordance with the General Data Protection Regulation and consistent with country-specific data protection regulations. By means of this privacy statement, we would like to inform visitors to our website about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this privacy statement informs data subjects as to their rights.
Roman Wagner Verwaltungs + Marketing GmbH, represented by Managing Directors Roman Wagner and Margareta Wagner, as the controller responsible for processing, has implemented numerous technical and organizational measures in order to ensure the greatest possible protection of personal data processed via this website. Nevertheless, in principle, Internet-based data transmissions may have security gaps, so that absolute protection cannot be guaranteed. Therefore, each data subject is free to provide us with personal data by alternative means, i.e. via telephone.
Explanation of terminology
The privacy statement is based on the terms used by the European directive and regulation issuer upon adoption of the General Data Protection Regulation (GDPR) and is intended to be easily legible and understandable for the general public, as well as our customers and business partners. For this purpose, we are first explaining the terminology used:
In this data protection declaration, we use the following terms, among others:
a) Personal data
Personal data means any information relating to an identified or identifiable natural person (hereafter referred to as a “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without referencing additional information, provided that such additional information is kept separately and is subject to technical and organizational measures ensuring that the personal data are not attributed to an identified or identifiable natural person.
g) Controller or controller responsible for processing
The controller or controller responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of processing of personal data. Where the purposes and means of such processing are laid down by EU law or by the law of the member states, the controller or controllers may be designated in accordance with EU law or with the law of the member states on the basis of certain criteria.
A processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
A recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with EU or member state law are not regarded as recipients.
j) Third party
A third party is a atural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely-given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Collection of general data and information
We have signed a processing contract with our web host, “1und1”.
Each time our website is called up by a data subject or an automated system, it collects a series of general data and information. This general data and information are stored in the log files of the server. Data collected may include the (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-sites which are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information which may be of use in averting threats in case of attacks on our IT systems.
In using this general data and information, we do not draw any conclusions about the person concerned. Rather, this information is required (1) to correctly deliver the content of our website, (2) to optimize the content and advertising of our website, (3) to ensure the long-term functionality of our information technology systems and the technology of our website, and (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack. This anonymously collected data and information are therefore evaluated by us both statistically and with the aim of enhancing data protection and data security in our company in order to ultimately ensure an optimum level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by the data subject.
Subscription to our newsletter
On our website, users are given the opportunity to subscribe to our company newsletter. Which personal data are transferred to the controller when subscribing to the newsletter is a function of the input screen used for this purpose.
Roman Wagner Verwaltungs + Marketing GmbH, Managing Directors Roman Wagner and Margareta Wagner, informs its customers and business partners at regular intervals by means of a newsletter about offers of the company. Our company’s newsletter can only be received by the data subject if (1) the data subject has a valid e-mail address and (2) the data subject registers to receive the newsletter. For legal reasons, a confirmation e-mail in a double opt-in procedure is sent to the e-mail address entered for the first time by a data subject for the purpose of sending the newsletter. This confirmation e-mail is used to verify whether the owner of the e-mail address as the data subject has authorized receipt of the newsletter.
When subscribing to the newsletter, we also store the IP address assigned by the Internet service provider (ISP) to the computer system used by the data subject at the time of registration as well as the date and time of registration. The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later date and therefore serves as legal protection for the data controller.
The personal data collected as part of a newsletter registration are only used to send out our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for running the newsletter service or for relevant registration, as may be the case in the event of changes to the newsletter service or changes to the technical conditions. No personal data collected within the scope of the newsletter service will be passed on to third parties. As a data subject, you can cancel your subscription to our newsletter at any time. The consent to the storage of personal data, which you have given us for the newsletter dispatch, can be withdrawn at any time. For the purpose of withdrawing your consent, you will find a corresponding link in every newsletter. Furthermore, it is possible at any time to unsubscribe from newsletter delivery directly on our website or by informing us of this in any other way.
Contact option via the website
Due to legal regulations, our website contains information that enables quick contact to our company by electronic means and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If you contact us by e-mail or via a contact form, the personal data transmitted by you as a data subject will be automatically stored.
The personal data involves individual details about personal or objective factual circumstances that can be specifically attributed to your person or, if applicable, to your co-applicant. The personal data processed and used by us (“data”) are the data transmitted by you via e-mail.
The personal data collected from you are only be used for correspondence and for the respective contractual purpose, unless you have provided us additional consent. We disclose your data to third parties in accordance with statutory requirements and within the scope of the intended purpose only if this is necessary for providing a service requested by you.
Routine erasure and blocking of personal data
We process and store your personal data only for the period necessary to achieve the storage purpose or if this has been provided for by the European directive and regulation issuer or by another legislator in laws or regulations to which we as data controller are subject with respect to processing of data.
If the storage purpose no longer applies or if a storage period prescribed by the European directive and regulation issuer or by another competent legislator expires, the personal data are blocked or erased routinely and in accordance with the statutory provisions.
Your rights as a data subject
a) Right to confirmation
Each data subject has the right granted by the European directive and regulation issuer to obtain the confirmation from the controller as to whether or not his or her personal data are being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact our data protection officer or any other staff member of the controller responsible for processing the data.
b) Right to information
Each data subject has the right granted by the European directive and regulation issuer to obtain information at any time from the controller responsible for processing the data free of charge concerning his or her personal data stored and to receive a copy of this information. Furthermore, the European directive and regulation issuer has provided for the data subject to receive the following information:
- the purposes of the processing
- the categories of personal data processed
- the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations
where possible, the planned period for which the personal data will be stored, or, if this is not possible, the criteria used to determine that period
- the existence of the right to rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject by the controller, or the right to object to such processing
- the existence of the right to appeal to a supervisory authority
- if the personal data are not collected from the data subject: All available information concerning the source of the data
- the existence of automated decision-making, including profiling, referred to in Article 22 Sect. 1 and 4 GDPR and — at least in these cases — meaningful information concerning the logic involved, as well as the significance and envisaged consequences of such processing for the data subject
Furthermore, the data subject has the right to obtain information as to whether personal data are transferred to a third country or to an international organization. To the extent this is the case, the data subject has the right to be informed of the appropriate safeguards relating to the transfer.
If a data subject wishes to exercise this right to information, he or she may contact our data protection officer or any other staff member of the controller responsible for processing the data.
c) Right to rectification
Each data subject has the right granted by the European directive and regulation issuer to request from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Moreover, the taking into consideration the purposes of processing, the data subject has the right to request that incomplete personal data be completed — also by means of a supplementary explanation.
If a data subject wishes to exercise this right of rectification, he or she may contact our data protection officer or any other staff member of the controller responsible for processing the data.
d) Right to erasure
Each data subject has the right granted by the European directive and regulation issuer to request from the controller the erasure of personal data concerning him or her without undue delay, and the controller has the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:
- The purposes for which the personal data were collected or otherwise processed are no longer necessary.
- The data subject withdraws consent on which the processing is based, according to Article 6 Sect. 1 letter a GDPR, or Article 9 Sect. 2 letter a GDPR, and there is no other legal ground for the processing.
- The data subject objects to the processing pursuant to Article 21 Sect. 1 GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21 Sect. 2 GDPR.
- The personal data have been unlawfully processed.
- The erasure of the personal data is required for compliance with a legal obligation according to EU or member state law to which the controller is subject.
- The personal data have been collected in relation to the services offered by the information service provider according to Article 8 Sect. 1 GDPR.
If one of the aforementioned grounds applies, and a data subject wishes to request the erasure of personal data stored by our company, he or she may contact any member of our staff in this regard at any time. The staff member will arrange for compliance with the erasure request without undue delay.
If the personal data have been publicly disclosed by our company, as the controller pursuant to Article 17 Sect. 1 GDPR, and if our company is obliged to erase the personal data, taking into account available technology and the cost of implementation, we will undertake reasonable steps, including technical measures, to inform other controllers responsible for processing the publicly disclosed personal data that the data subject has requested erasure by such controllers of all links to, or copies or replications of those personal data, to the extent that processing is not mandatory. Our data protection officer or another staff member will take the necessary steps in individual cases.
e) Right to restriction of processing
Each data subject has the right granted by the European directive and regulation issuer to request from the controller the restriction of processing where any of the following conditions apply:
- The accuracy of the personal data is disputed by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
- The processing is unlawful, the data subject rejects the erasure of the personal data and requests instead the restriction of their use.
- The controller no longer requires the personal data for the purposes of processing, but they are required by the data subject for the assertion, exercise or defense of legal claims.
- The data subject has objected to processing pursuant to Article 21 Sect. 1 GDPR, pending verification whether the legitimate grounds of the controller override those of the data subject.
- If any of the aforementioned conditions is met, and a data subject seeks to request the restriction of the processing of personal data stored by our company, he or she may contact any member of our staff at any time. The staff member will arrange the restriction of the processing upon request.
f) Right to data portability
Each data subject has the right granted by the European directive and regulation issuer to receive the personal data concerning him or her, which was provided by the data subject to a controller, in a structured, commonly used and machine-readable format. In addition, he or she has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to Art. 6 Sect. 1 letter a GDPR or Art. 9 Sect. 2 letter a GDPR, or on a contract pursuant to Article 6 Sect. 1 letter b GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task that lies in the public interest or occurs in the line of official authority that has been vested in the controller.
Furthermore, in exercising his or her right to data portability pursuant to Article 20 Sect. 1 GDPR, the data subject has the right to have personal data transmitted directly from one controller to another, where technically feasible, and to the extent that doing so does not adversely affect the rights and freedoms of others.
In order to assert the right to data portability, the data subject can contact our staff members at any time.
g) Right to objection
Each data subject has the right granted by the European directive and regulation issuer to object at any time to the processing of his or her personal data, on grounds relating to his or her particular situation, based on Article 6 Sect. 1 GDPR letter e or f. This also applies to profiling based on these provisions.
In case of objection, our company will no longer process personal data, unless we can demonstrate compelling legitimate grounds for processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of asserting, exercising or defending against legal claims.
If our company processes personal data for direct marketing purposes, the data subject has the right to raise an objection at any time to the processing of personal data concerning him or her for such marketing. This also applies to profiling, to the extent that it is related to such direct marketing. If the data subject objects to our company’s processing data for direct marketing purposes, the company will no longer process the personal data for these purposes.
In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to our processing of personal data concerning him or her for scientific or historical research purposes, or for statistical purposes pursuant to Article 89 Sect. 1 GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
In order to exercise the right to objection, the data subject may contact our data protection officer or any member of our staff. Furthermore, the data subject is at liberty, within the context of using the services of the information service provider, notwithstanding Directive 2002/58/EC, to exercise his or her right of objection by means of automated procedures, in which technical specifications are used.
h) Automated individual decision-making, including profiling
Each data subject has the right granted by the European directive and regulation issuer not to be subject to a decision based solely on automated processing — including profiling — which produces legal effects concerning him or her, or has similar significant adverse effects on him or her, as long as the decision (1) is not is necessary for entering into, or the performance of, a contract between the data subject and the controller, or (2) is not permissible based on an EU or member state law to which the controller is subject and these legal regulations also contain reasonable measures for safeguarding the rights and freedoms as well as the legitimate interests of the data subject, or (3) is not based on the data subject’s express consent.
If the decision (1) is necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) it is based on the data subject’s express, the we implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
If the data subject seeks to exercise rights concerning automated individual decision-making, he or she may contact our data protection officer or any other staff member of the controller at any time.
i) Right to withdraw data protection consent
Each data subject has the right granted by the European directive and regulation issuer to withdraw his or her consent to the processing of his or her personal data at any time.
If the data subject wishes to exercise the right to withdraw consent, he or she may contact our data protection officer or any other staff member of the controller at any time.
Legal ground for processing
Art. 6 I lit. a GDPR serves as our company’s legal ground for processing transactions in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the fulfillment of a contract to which the data subject is a party, as is the case, for example, with processing transactions that are necessary for the delivery of goods or the provision of another type of quid pro quo, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing transactions required for the implementation of pre-contractual measures, as in cases of inquiries about our products or services. If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may become necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our business premises was injured and his name, age, health insurance data or other vital information had to be passed on to a doctor, hospital or other third party. Processing would then be based on Art. 6 I lit. d GDPR. Processing transactions could ultimately be based on Art. 6 I lit. d GDPR. Processing transactions not covered by any of the aforementioned legal grounds are based on this legal ground if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and fundamental freedoms of the data subject do not take precedence. We are expressly permitted to carry out such processing transactions because they have been specifically mentioned by the European lawmakers. In this respect, lawmakers held the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47 sentence 2 GDPR).
Legitimate interests in processing pursued by the controller or by a third party
If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business activities for the wellbeing of all our employees.
The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of this period, the corresponding data will be routinely erased, to the extent they are no longer required for contract fulfillment or contract formation.
Statutory or contractual provisions governing the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data
We hereby inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may arise from contractual provisions (e.g. information on the contractual partner). In order to conclude a contract, it may be necessary for a data subject to make available to us certain personal data that must be subsequently processed by us. For example, the data subject is obliged to provide us with personal data when our company concludes a contract with him or her. Non-provision of personal data would mean that the contract could not be concluded with the data subject. Prior to providing personal data, the data subject is required to contact our data protection officer. Our data protection officer informs the data subject on a case-by-case basis whether the provision of personal data is mandated by law or by contract or is necessary for the conclusion of a contract, whether an obligation exists to provide the personal data and what consequences the non-provision of the personal data would have.
Existence of an automated decision-making process
As a responsible company, we refrain from automatic dcision-making or profiling.
On our website, we use techniques and software which we describe below.
What is the purpose for our using these techniques and software?
Part of the data is collected to ensure that the website operates error-free. Other data may be used to analyze your user behavior.
Analysis tools and tools from third-party providers
When you visit our website, your surfing behavior can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You may object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following privacy statement.
You may object to this analysis. We will inform you about the options for objection in this privacy statement.
Right of appeal to the competent supervisory authority
In case of data protection breaches, the data subject has the right to appeal to the competent supervisory authority. The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company has its registered office. A list of data protection officers and their contact details can be obtained from the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
SSL or TLS encryption
This website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, e.g. orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
By means of a cookie, the information and services on our website can be optimized in the interest of the user. As previously mentioned, cookies enable us to recognize returning users of our website. The purpose of this recognition is to make it easier for users to utilize our website.
You can prevent the placement of cookies by our website at any time by configuring a relevant setting of the Internet browser used and thus continuously object to the placement of cookies. In addition, you can delete cookies that have already been placed at any time via an Internet browser or other software programs. This is possible in all standard Internet browsers. If you deactivate the placement of cookies in the Internet browser used, not all functions of our website may be fully usable under certain circumstances.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
• Browser type and browser version
• Operating system used,
• Referrer URL
• Host name of the accessing computer
• Time of the server request
• IP address
This data will not be merged with other data sources.
The legal ground for data processing is Art. 6 Section 1 lit f lit. f GDPR, which allows the processing of data for fulfilling an agreement or pre-contractual measures.
This website uses CleverReach to send out newsletters. The provider is CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service with which newsletter dispatch can be organized and analyzed. The data you enter for newsletter subscription (e.g. e-mail address) are stored on CleverReach’s servers in Germany and Ireland.
Our newsletters sent with CleverReach enable us to analyze the behavior of newsletter recipients. Among other things, it allows analysis of how many recipients have opened the newsletter message and how often which link was clicked in the newsletter. With the help of so-called conversion tracking, it can also be analyzed whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter. Further information on data analysis through the CleverReach newsletter can be obtained at: https://www.cleverreach.com/de/funktionen/reporting-und-tracking/.
Data processing is based on your consent (Art. 6 Sect. 1 lit. a GDPR). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations that have already taken place remains unaffected by the revocation.
If you want no analysis by CleverReach, you have to unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message. You can also unsubscribe from the newsletter directly on the website.
The data that you have provided to us for the purpose of subscribing to the newsletter will be stored by us until you unsubscribe from the newsletter and will be deleted both from our servers and from CleverReach’s servers after you cancel the newsletter. This does not affect data stored by us for other purposes (e.g. e-mail addresses for the member area).
For more details, please refer to the CleverReach data protection provisions at: https://www.cleverreach.com/de/datenschutz/.
Conclusion of a contract for order data processing
We have concluded a contract with CleverReach for order data processing and we fully implement the strict requirements of the German data protection authorities when using CleverReach.
Share content via plug-ins (Facebook, Google+1, Twitter & Co.)
Social media plug-ins are used on our website. We use a direct link for this purpose
Direct link: Our website links directly to social media, if you use social media and are registered with them, your data will be transmitted to the networks when you access the website.
A detailed explanation of the plug-ins used is provided below.
Facebook plugins (Like & Share button)
Plugins of the Facebook social network, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our websites. You can recognize the Facebook plugins by the Facebook logo or the “Like” button on our website. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.
When you visit our pages, the plugin establishes a direct connection between your browser and the Facebook server. Facebook receives the information that you have visited our site with your IP address. If you click the Facebook “Like” button while logged into your Facebook account, you can link the content of our websites to your Facebook profile. This allows Facebook to associate the visit to our websites with your user account. We would like to point out that as the provider of the websites, we have no knowledge of the content of the transmitted data or its use by Facebook. For more information, please refer to Facebook’s data protection policy https://de-de.facebook.com/policy.php.
If you do not want Facebook to be able to track visits to our pages to your Facebook user account, please log out of your Facebook user account.