Privacy Policy (GDPR)
1. Data Protection at a Glance
General Information
The following information provides a simple overview of what happens to your personal data when you visit this website.
Personal data means all data by which you can be personally identified.
Detailed information on the subject of data protection can be found in our Privacy Policy listed below.
Data Collection on This Website
Who is responsible for data collection on this website?
The data processing on this website is carried out by the website operator.
You can find the operator’s contact details in the section “Information on the Responsible Entity” of this Privacy Policy.
How do we collect your data?
Some data are collected when you provide them to us. This may, for example, include data you enter into a contact form.
Other data are collected automatically or with your consent when you visit the website. These are primarily technical data (e.g. internet browser, operating system, or time of page access). The collection of these data occurs automatically as soon as you enter this website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website.
Other data may be used to analyse your user behaviour.
What rights do you have regarding your data?
You have the right to receive information free of charge at any time about the origin, recipients, and purpose of your stored personal data.
You also have the right to request correction or deletion of these data.
If you have given your consent to data processing, you may withdraw it at any time with effect for the future.
Furthermore, you have the right to request restriction of the processing of your personal data under certain circumstances.
You also have the right to lodge a complaint with the competent supervisory authority.
You may contact us at any time regarding this or any other questions concerning data protection.
2. Hosting
We host the contents of our website with the following provider:
Mittwald
Provider: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp, Germany (hereinafter “Mittwald”).
For details, please refer to the Mittwald privacy policy: https://www.mittwald.de/datenschutz
The use of Mittwald is based on Art. 6 (1)(f) GDPR.
We have a legitimate interest in a reliable presentation of our website.
Where consent has been requested, processing is based exclusively on Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be withdrawn at any time.
Data Processing Agreement
We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, ensuring that Mittwald processes personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
3. General Information and Mandatory Disclosures
Data Protection
The operators of this website take the protection of your personal data very seriously.
We treat your personal data confidentially and in accordance with statutory data protection regulations and this Privacy Policy.
When you use this website, various personal data are collected.
Personal data are data that can be used to identify you personally.
This Privacy Policy explains which data we collect and for what purpose. It also explains how and for what purpose this is done.
Please note that data transmission over the Internet (e.g. communication by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
Information on the Responsible Entity
The controller responsible for data processing on this website is:
Weserland GmbH
Hansastraße 9–17
30419 Hannover
Germany
Phone: +49 511 979970
Fax: +49 511 9799770
E-mail: info@weserland.eu
The controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
Data Protection Officer
Thosa-Datenschutz UG (haftungsbeschränkt)
Stephan Toleikis
Hans-Böckler-Allee 26
30173 Hannover
E-mail: datenschutz@weserland.eu
Storage Period
Unless a specific storage period has been stated in this Privacy Policy, your personal data will remain with us until the purpose for processing the data no longer applies.
If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g. retention obligations under tax or commercial law). In such cases, deletion will occur once these reasons no longer apply.
Legal Bases for Data Processing
If you have consented to the processing of your personal data, we process it based on Art. 6 (1)(a) GDPR or, where special categories of data under Art. 9 (1) GDPR are processed, Art. 9 (2)(a) GDPR.
In cases of explicit consent to the transfer of personal data to third countries, processing is also based on Art. 49 (1)(a) GDPR.
If you consent to the storage of cookies or access to your device (e.g. via device fingerprinting), processing additionally takes place under § 25 (1) TTDSG. Consent can be withdrawn at any time.
If processing of your data is necessary for the performance of a contract or pre-contractual measures, we process your data based on Art. 6 (1)(b) GDPR.
If processing is necessary to comply with a legal obligation, it is based on Art. 6 (1)(c) GDPR.
Processing may also occur based on our legitimate interest under Art. 6 (1)(f) GDPR.
The applicable legal basis in each case is specified in the following sections of this Privacy Policy.
Withdrawal of Your Consent
Many processing operations are only possible with your explicit consent.
You may withdraw consent already given at any time.
The lawfulness of processing carried out prior to withdrawal remains unaffected.
Right to Object (Art. 21 GDPR)
If data processing is based on Art. 6 (1)(e) or (f) GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data; this also applies to profiling based on these provisions.
The respective legal basis for processing can be found in this Privacy Policy.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defence of legal claims (Art. 21 (1) GDPR).
If your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing; this also applies to profiling to the extent it is related to such direct marketing.
If you object, your personal data will no longer be used for direct marketing purposes (Art. 21 (2) GDPR).
Right to Lodge a Complaint
In case of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or the place of the alleged infringement.
This right exists without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to receive the data which we process automatically based on your consent or in fulfilment of a contract, in a common, machine-readable format, and to have it transmitted to another controller, where technically feasible.
Access, Deletion, and Rectification
Within the scope of applicable legal provisions, you have the right at any time to obtain information free of charge about your stored personal data, its origin and recipients, and the purpose of the processing, as well as, where applicable, the right to rectification or erasure of these data.
You may contact us at any time regarding this or other questions on personal data.
Right to Restrict Processing
You have the right to request restriction of the processing of your personal data. You may contact us at any time for this purpose. The right to restriction exists in the following cases:
If you contest the accuracy of your personal data, we usually need time to verify this. For the duration of the verification, you have the right to request restriction of processing.
If the processing is unlawful, you may request restriction instead of deletion.
If we no longer need your personal data, but you need them for the establishment, exercise, or defence of legal claims, you have the right to request restriction instead of deletion.
If you have objected under Art. 21 (1) GDPR, a balance must be struck between your and our interests. Until it is determined whose interests prevail, you have the right to request restriction.
If processing has been restricted, such data may – apart from storage – only be processed with your consent, for the establishment, exercise, or defence of legal claims, for the protection of the rights of another person, or for reasons of important public interest of the EU or a Member State.
SSL or TLS Encryption
For security reasons and to protect the transmission of confidential content (e.g. orders or enquiries you send to us), this site uses SSL or TLS encryption.
You can recognise an encrypted connection by the change in the browser’s address line from “http://” to “https://” and the lock symbol in your browser bar.
When encryption is activated, the data you transmit to us cannot be read by third parties.
4. Data Collection on This Website
Cookies
Our website uses cookies. Cookies are small data packages that do not harm your device.
They may be stored temporarily (session cookies) or permanently on your device.
Session cookies are deleted automatically after your visit; permanent cookies remain stored until you delete them or your browser deletes them automatically.
Third-party cookies may also be stored when visiting our site (e.g. for payment processing).
Cookies serve various functions — some are technically required (e.g. shopping cart), while others analyse user behaviour or display advertising.
Necessary cookies are stored based on Art. 6 (1)(f) GDPR unless another legal basis is specified.
Where consent is requested, processing is based on Art. 6 (1)(a) GDPR and § 25 (1) TTDSG; consent can be withdrawn at any time.
You can configure your browser to notify you about the setting of cookies, to allow cookies only in individual cases, to exclude them in certain cases, or to delete them automatically when closing the browser.
Disabling cookies may limit website functionality.
Server Log Files
The provider automatically collects and stores information in server log files which your browser transmits to us:
Browser type and version
Operating system used
Referrer URL
Hostname of the accessing computer
Time of server request
IP address
This data is not merged with other data sources.
The collection of this data is based on Art. 6 (1)(f) GDPR. We have a legitimate interest in the technically error-free and optimised provision of our website.
Contact Form
If you send us an enquiry via the contact form, the information you provide, including your contact details, will be stored for processing your request and for any follow-up questions.
We do not share this information without your consent.
Processing is based on Art. 6 (1)(b) GDPR (contract or pre-contractual measures) or Art. 6 (1)(f) GDPR (legitimate interest in effective enquiry handling), or Art. 6 (1)(a) GDPR if consent was obtained.
Consent can be withdrawn at any time.
Your data will be stored until you request deletion, withdraw consent, or the purpose of storage ceases. Statutory retention obligations remain unaffected.
Data Protection for Applications
Weserland GmbH collects and processes personal data of applicants for the purpose of handling the recruitment process.
Processing may also occur electronically, particularly when application documents are submitted by e-mail.
If Weserland GmbH concludes an employment contract with an applicant, the data will be stored for the purpose of managing the employment relationship in compliance with legal requirements.
If no contract is concluded, the application documents will be automatically deleted six months after notification of the rejection decision, unless there are other legitimate interests (e.g. burden of proof under the General Equal Treatment Act (AGG)).
5. Social Media
Social Media Elements with Shariff
This website uses elements of social networks (e.g. Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr).
To ensure data protection, we use the “Shariff” solution. This prevents social media elements from transmitting personal data when you first visit the site.
Only when you activate a social media element by clicking on the respective button will a direct connection to the provider’s server be established (consent).
Once activated, the provider receives the information that you have visited our website with your IP address.
If you are logged into your social media account, the visit may be linked to your account.
Activating the plugin constitutes consent under Art. 6 (1)(a) GDPR and § 25 (1) TTDSG, which may be withdrawn at any time.
The use of this service ensures legally required consent management for certain technologies (Art. 6 (1)(c) GDPR).
Privacy Policy for Social Media Plugins (No “Like” Buttons)
Our website uses so-called “social plugins” (only forwarding links, no “Like” buttons) for the social networks LinkedIn, Twitter, and XING.
Only when you click and thereby activate a plugin will your browser establish a direct connection to the respective network’s servers.
The plugin transmits data (including your IP address) to the network.
We have no influence over the scope of data collected by these networks.
According to our knowledge, the networks receive information about which of our pages you have visited — even if you are not logged in.
This information may be transmitted to servers in the USA and stored there.
For more information, please refer to the privacy policies of the respective providers:
Facebook: https://de-de.facebook.com/policy.php
No plugins provided directly by these networks are integrated into our website.
A transfer of user data to the operators of these platforms only occurs if you actively click on the respective button.
This allows you to share content from our website on social media without entire browsing profiles being created by the network operators.
