Privacy policy

Thank you for visiting our website. In this Policy, we would like to inform you about how we handle your data in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Controller

The Controller for the data processing operations described below is the office named in the imprint.

Usage Data

When you visit our websites, our web server temporarily evaluates so-called usage data for statistical purposes in order to improve the quality of our website. This data consists of the following data categories:

  • the name and address of the requested content,
  • the date and time of the query,
  • the amount of data transferred,
  • the access status (content transferred, content not found),
  • the description of the used web browser and operating system,
  • the referral link, which indicates from which page you reached ours,
  • the IP address of the requesting computer, which is shortened in such a way that a personal reference can no longer be established.

The aforementioned log data will be evaluated anonymously.

The legal basis for the processing of usage data is Art. 6 (1) (f) GDPR. The processing is based on the legitimate interest of providing the contents of the website and ensuring a device- and browser-optimised display.

Data Security

In order to protect your data as comprehensively as possible from unwanted access, we implement technical and organisational measures. These measures include encryption procedures on our websites. Your data is transferred from your computer to our server and vice versa via the internet using TLS encryption. You can usually recognize this by the fact that the lock symbol in the status bar of your browser is closed and the address line begins with https://.

Necessary Cookies

We use cookies on our websites, which are necessary for using our websites.

Cookies are small text files that can be stored on and extracted from your device. There is a difference between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored for more than the duration of the session.

We do not use these necessary cookies for analysis, tracking or advertising purposes.

In some cases, these cookies only contain information on certain settings and are not linked to a person. They may also be necessary to enable user guidance, security and operating of the site.

The legal basis for using these cookies is our legitimate interest according to Art. 6 (1) (f) GDPR.

You can set your browser to inform you about the use of cookies. You can also delete cookies or prevent the setting of new cookies at any time by using the appropriate browser settings. Please note that if you delete certain cookies, our websites may not be displayed correctly and some functions may no longer be available.

Provider Purpose Storage period Appropriate Level of data protection
wpd onshore GmbH & Co. KG Saves the settings of visitors selected in the Cookie Box of Borlabs Cookie. 1 year yes

Consent banner

We use a consent management platform (consent or cookie banner) on our websites. The processing in connection with the use of the consent management platform and the logging of the settings you have made is based on our legitimate interest in accordance with Art. 6 (1) (f) GDPR to provide you with our content according to your preferences and to be able to prove your consent(s). The settings you have made, the consents you have given and parts of your usage data are stored in a cookie. This ensures that it is kept for further website visits and that your consents continue to be traceable. You can find more information about this under the section “Necessary cookies”.

The provider of the consent management platform acts on our behalf and is strictly bound by our instructions (processor). A data processing agreement in accordance with Art. 28 GDPR has been concluded.

Matomo

We use the web analysis tool “Matomo” to design our websites according to your needs. Matomo creates user profiles based on pseudonyms. For this purpose, permanent cookies are stored on your end device and accessed by us. In this way we are able to recognize and measure returning visitors.

The data processing is based on your consent in accordance with Art. 6(1) (a) GDPR. or §15 S. 3 Nr. 1 German Telemedia Act (TMG) if you have given your consent via our cookie banner. You can revoke your consent at any time. Please follow and make the appropriate settings via our banner.

Embedded Videos

We embed videos on our websites that are not stored on our servers. To ensure that calling up our web pages with embedded videos does not automatically lead to the reloading of content of the third-party provider, in a first step, we only display locally stored preview images of the videos. This does not provide the third-party provider with any information.

Only after clicking on the preview image the content of the third-party provider will be reloaded. The third-party provider is therefore able to obtain the information that you have accessed our site as well as the usage data that is technically required in this context. Additionally, the third-party provider is able to implement tracking technologies. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us permission that contents from the third-party provider are reloaded.

The embedding is based on your consent, provided you have given your consent by clicking on the preview image. If data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information about the level of data protection in the following table.

Third party provider Adequate level of data protection Revocation of consent
Vimeo (USA) Processing may also take place outside the EU/EEA. No adequate level of data protection. The transfer is based on Art. 49 (1) (a) GDPR.​ If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the thumbnails any more.​

Map Services

On our websites, we embed map services that are not stored on our servers. To ensure that calling up our websites with embedded map services does not automatically lead to the reloading of content of the third-party provider, in a first step, we only display locally stored preview images of the maps in a first step. This does not provide the third-party provider with any information.

Only after clicking on the preview image the content of the third-party provider will be reloaded. The third-party provider is therefore able to obtain the information that you have accessed our site as well as the usage data that is technically required in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us permission that contents from the third-party provider are reloaded.

The embedding is based on your consent, provided you have given your consent by clicking on the preview image.

Please note that the embedding of some map services results in that your data will be processed outside the EU or EEA (in particular the USA). If data is processed outside the EU or the EEA (in particular in the USA) in this context, we provide information about the level of data protection in the following table.

If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the thumbnails any more.

Provider Adequate Data Protection Level Withdrawal of Consent
Google For transfers to the U.S., an adequate level of data protection is ensured due to the certification of the provider under the adequacy decision (EU-U.S. Data Privacy Framework). If you have clicked on a preview image, the content of the third-party provider will be reloaded immediately. If you do not want such reloading on other pages, please do not click on the thumbnails any more.​

Newsletter registration and delivery

You can order a newsletter on our websites. Please note that we require certain data (at least your e-mail address) for suscribing to our newsletter.

The newsletter will only be sent to you, if you have given us your explicit consent. Once you have ordered our newsletter, you will receive a confirmation e-mail to the e-mail address you provided (so-called double opt-in). You can withdraw your consent at any time. You can easily withdraw your consent, for example, by clicking on the unsubscribe link in every newsletter.

As part of the newsletter registration, we store further data in addition to the data already mentioned, insofar as this is necessary for us to be able to prove that you have ordered our newsletter. This may include the storage of the full IP address at the time of the order or the confirmation of the newsletter, as well as a copy of the confirmation email sent by us. The corresponding data processing is based on Art. 6 (1) (f) GDPR and in the legitimate interest of being able to account for the lawfulness of the newsletter delivery.

Access protected area

If you wish to use our access-protected area, prior registration is necessary.

We only collect the data required for registration and provision of the service. The processing is based on Art. 6 (1) (f) GDPR in our legitimate interest to provide you with the services and information of the access-protected area.

If we also collect data marked as voluntary, we process this on the basis of your consent. You can withdraw your consent at any time with effect for the future. To do so, please use the corresponding functions in the access-protected area or contact the e-mail address stated in the imprint.

If you wish to permanently unsubscribe from our access-protected area (objection), please use the unsubscribe option in the access-protected area or contact the office named in the imprint.

Storage period

Unless we have already informed you in detail about the storage period, we delete personal data when they are no longer required for the aforementioned processing purposes and no legitimate interests or other (legal) reasons for storage prevent deletion.

Your rights as a data subject

When processing your personal data, the GDPR grants you certain rights as a data subject:

Right of access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether personal data of you is being processed; if this is the case, you have the right to obtain information about the processed personal data and to receive the information listed in detail in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to request the rectification of any inaccurate personal data relating to you and, where applicable, the completion of any incomplete data, without delay.

Right to erasure (Art. 17 GDPR)

You have the right to request the erasure of your personal data without delay, provided that one of the reasons listed in detail in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing, for the duration of the assessment by the controller, if one of the requirements listed in Art. 18 GDPR is met, e.g. if you have objected to the processing.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format or to request the transfer of this data to a third party.

Right to withdraw consent (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled to withdraw your consent to the processing of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that the withdrawal of the consent only effective for the future. Processing that took place before the withdrawal is not affected.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 (1) (f) GDPR (data processing for the protection of legitimate interests) or on the basis of Art. 6 (1) (e) GDPR (data processing for the protection of public interests or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of your data violates data protection regulations. The right to lodge a complaint can be asserted in particular witha supervisory authority in the Member State of your habitual residence, your place of work or the place of the suspected infringement.

Asserting your rights

Unless otherwise described above, please contact the controller of the data processing named in the imprint to assert your rights as a data subject.

Questions about data protection

If you have any questions about data protection, please contact our data protection department:
Phone: +49 (0) 421 16866 -10
Email: datenschutz@wpd.de

Contact details of our data protection officer

Our external data protection officer is available to provide further information on data protection.

datenschutz nord GmbH
Konsul-Smidt-Straße 88
28217 Bremen
Web: www.datenschutz-nord-gruppe.de
E-Mail: office@datenschutz-nord.de

When contacting our data protection officer, please specify the name of the company, stated in our imprint.

 

Privacy policy for our social media sites

If you visit our social media sites, data relating to you will be processed. We would therefore like to inform you below of how we treat your data as well as your resulting rights in accordance with Art. 13 of the General Data Protection Regulation (GDPR).

Responsibility

NOTE Please select the relevant platforms below and adjust the corresponding link.

We, wpd onshore GmbH & Co. KG, Stephanitorsbollwerk 3 (Haus LUV), 28217 Bremen, operate the following social media sites:

NOTE Please link below to the Legal Notice that names the responsible body. Please check whether this really is the responsible body!

You can find our contact details in the Legal Notice.

Data processing by us

Public relations work

The data you provided on our social media sites such as your user name, comments, videos, images, likes, public messages, etc. are published by the social media platform and will at no time be processed by us for other purposes. We merely reserve the right to delete content if this should prove necessary. We may share your content on our site if this is a function of the social media platform, and communicate with you via the social media platform.

If you submit an enquiry to us on the social media platform, we may refer you to other, secure means of communication which guarantee confidentiality, depending on the content. For example, you have the opportunity at any time to send us your enquiry to the address specified in the legal notice or to info@wpd.de. It is your own responsibility to select an appropriate means of communication.

The legal basis for the specified processing of your data is set out in Article 6 (1) Sentence 1 (f) GDPR. Data are processed based on the legitimate interest of conducting public relations work for our company and to enable us to communicate with you.

Shared responsibility for data processing

We share responsibility for some of our processing activities with the relevant operator of the social media platform.

We have therefore concluded the necessary agreement in accordance with Art. 26 GDPR provided the operator of the social media platform permits this.

NOTE Please select the platforms used by your company below and link the agreement in accordance with Art. 26 GDPR. Please delete the other data. Insofar as the particular social media platform does not provide any corresponding agreement, it is not possible to adequately meet the data protection requirements.

 

You can find the main elements of such shared responsibility in the following section.

Statistics (insights)

The social media platforms used prepare regular statistics (insights) on the basis of user data containing information on your interaction with our social media site. We cannot control or suppress the compilation or provision of these insights.

However, we do not take advantage of any optional insights offered by the social media platform.

Targeted advertising

We also use the social media platforms described to target advertising.

To this end, we use target market definitions provided by the social media operator. In the process, we only use anonymous target market definitions – i.e. we define characteristics on the basis of general demographic information, behaviour, interests and connections. The operator of the social media platform uses these definitions to send ads to its users accordingly. The legal basis for this is the consent obtained by the operator of the social media platform from its users.

If you wish to revoke this consent, please use the revocation options provided by the operator of the social media platform as the social media platform operator is responsible for this processing.

We or the operator of the social media platform also use publicly available data to define the target markets. The legal basis for this processing is then given by Art. 6 (1) Sentence 1 (f) GDPR. Here, the legitimate interest on our side consists in achieving as accurate a definition of the target market as possible. We do not use any sensitive categories of personal data to define the target market which fall within the scope of Art. 9 and 10 GDPR (e.g. political opinions, sexual orientation).

We also use information on your visit or your interaction with other websites (remarketing) to define the target market. Among other things, we also use cookies for this purpose. In such cases, however, we first obtain the consent of the users on such other sites by means of a consent banner and inform them at this point about the processing of their data.  You can revoke this consent at any time by calling up the consent banner on the particular website again.

Active sourcing

We conduct active sourcing measures on the professional networks we use, in particular Xing and LinkedIn, to identify promising potential candidates and actively make contact with them. The data are processed for the sole purpose of recruiting staff. In the process, we draw the attention of interesting users individually to vacant posts. These personal data are never used for product advertising or transferred to other third parties for other purposes without authorisation.

The following categories of data are processed in active sourcing: name, contact details and information or data on qualifications / further training which can be viewed publicly in your profile. We collect and process the personal data directly on the relevant career platform. Employees in the HR department make the approaches. No external service providers are used. No searches are made in social networks used primarily for private purposes (such as Facebook and Instagram).

The legal basis for processing personal data is set out in Article 6 (1) Sentence 1 (f) GDPR. The legitimate interest is derived from the fact that we are constantly on the lookout for suitable employees. We can supply you with the balance of interests on request. If you apply for a specific job with us, the main legal basis for the data processing is given by Art. 6 (1)(b) GDPR or Art. 88 (1) GDPR in conjunction with Sec. 26 (1) BDSG (Federal Data Protection Act).

Data processing by the operator of the social media platform

We also use the social media platforms described to target advertising.

To this end, we use target market definitions provided by the social media operator. In the process, we only use anonymous target market definitions – i.e. we define characteristics on the basis of general demographic information, behaviour, interests and connections. The operator of the social media platform uses these definitions to send ads to its users accordingly. The legal basis for this is the consent obtained by the operator of the social media platform from its users.

If you wish to revoke this consent, please use the revocation options provided by the operator of the social media platform as the social media platform operator is responsible for this processing.

We or the operator of the social media platform also use publicly available data to define the target markets. The legal basis for this processing is then given by Art. 6 (1) Sentence 1 (f) GDPR. Here, the legitimate interest on our side consists in achieving as accurate a definition of the target market as possible. We never use any sensitive categories of personal data specified in Art. 9 and 10 GDPR (e.g. political opinions, sexual orientation) to define the target market.

Storage period

We will delete your personal data if they are no longer required for the aforementioned processing purposes and such deletion does not conflict with any statutory retention obligations.

Receivers / categories of receivers of your data

We are supported by the advertising agency “Vonq GmbH” in the design and publication of advertisements. Insofar as the advertising agency gains sight of personal data in the course of fulfilling an order, it will process such data strictly according to instructions in the order on the basis of a contract concluded for commissioned processing in accordance with Art. 28 (3) GDPR.

Your rights as a user

As a user, you have the option of asserting the following rights vis-à-vis both us and the operator of the social media platform, if the conditions are met:

Right of access (Art. 15 GDPR)

You have the right to request confirmation as to whether personal data relating to yourself are being processed; if this is the case, you have the right to request information on these personal data and to the information individually listed in Art. 15 GDPR.

Right to rectification and erasure (Art. 16 and 17 GDPR)

You have the right to request immediate rectification of incorrect personal data relating to yourself and if applicable the completion of incomplete personal data. You also have the right to request that personal data relating to yourself be immediately deleted if one of the reasons listed individually in Art. 17 GDPR applies, e.g. if the data are no longer required for the purposes pursued.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request that processing be restricted for the length of any review if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing.

Right to data portability (Art. 20 GDPR)

In certain cases, individually listed in Art. 20 GDPR, you have the right to receive the personal data relating to yourself in a structured, conventional and machine-readable format or to request the transmission of such data to a third party.

Right to object (Art. 21 GDPR)

If data are processed on the basis of our legitimate interest in accordance with Art. 6 (1) Sentence 1 (f) GDPR, you will have the right to lodge an objection to the processing at any time for reasons resulting from your particular situation.

We will then no longer process your personal data unless there are demonstrably compelling, sensitive reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the data are processed on the basis of a legitimate interest for direct marketing purposes, you will have your own right of objection which you can assert at any time without stating your reasons and the exercise of which will lead to the termination of the processing for direct marketing purposes.

You can assert your data protection rights here: datenschutz@wpd.de and Stephanitorsbollwerk 3, 28217 Bremen.

Right of revocation (Art. 7 GDPR)

If data are processed on the basis of your consent, you are entitled under Art. 7 (3) GDPR to revoke your consent to the use of your personal data at any time. Please note that the revocation will only apply to the future. Processing performed before revocation is not affected.

Right to complain to a supervisory authority

Under Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of the data relating to yourself breaches data protection regulations. Your right of complaint can be asserted in particular with a supervisory authority in the member state of your place of residence, your place of work or the location of the supposed breach.

Contact details of our data protection officer

Our external data protection officer will be happy to provide you with information on the subject of data protection on the following contact details:

datenschutz nord GmbH

Email: office@datenschutz-nord.de

Tel.: +49 421 69 66 32-0 (Bremen), +49 40 593 61 60-400 (Hamburg), +49 30 308 77 49-0 (Berlin).

If you contact our data protection officer, please also state the responsible body specified in the legal notice.