data protection

We are delighted that you are visiting our website. The protection and security of your personal information when using our website is very important to us. We would therefore like to take this opportunity to inform you about which of your personal data we collect when you visit our website and for what purposes it is used.

This privacy policy applies to the Willbrandt KG website, which can be accessed at the domain willbrandt.co.uk and the various subdomains (‘our website’).

Who is responsible and how can I contact them?

Responsible

for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR)

Willbrandt KG

Schnackenburgallee 180

22525 Hamburg

+49 40 540093-0

info@willbrandt.de

Data protection officer

AGAD Service GmbH

Waldring 43-47

44789 Bochum

Dr Nils Helmke

helmke@agad.de

What is this about?

This privacy policy meets the legal requirements for transparency in the processing of personal data. This includes all information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address or user behaviour when visiting a website. Information that we cannot link to your person (or only with disproportionate effort), e.g. through anonymisation, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis and a defined purpose.

Stored personal data is deleted as soon as the purpose of processing has been achieved and there are no legitimate reasons for further storage of the data. We will inform you of the specific storage periods or criteria for storage in the individual processing operations. Irrespective of this, we store your personal data in individual cases for the assertion, exercise or defence of legal claims and in the event of statutory retention obligations.

Who receives my data?

We only pass on your personal data that we process on our website to third parties if this is necessary for the fulfilment of the purposes and is covered by the legal basis (e.g. consent or protection of legitimate interests) in individual cases. In addition, we pass on personal data to third parties in individual cases if this serves to assert, exercise or defend legal claims. Possible recipients may then be, for example, law enforcement authorities, solicitors, auditors, courts, etc.

If we use service providers to operate our website who process personal data on our behalf within the scope of order processing in accordance with Art. 28 GDPR, these may be recipients of your personal data. You can find more detailed information on the use of order processors and web services in the overview of the individual processing operations

Do you use cookies?

Cookies are small text files that we send to your device’s browser and store there when you visit our website. As an alternative to using cookies, information can also be stored in your browser’s local storage. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies, on the other hand, enable us to perform various analyses, so that we are able, for example, to recognise the browser you are using when you visit our website again and to transmit various information to us (non-necessary cookies). Cookies enable us, among other things, to make our website more user-friendly and effective for you by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your device. They cannot execute programmes or contain viruses.

We provide information about the respective services for which we use cookies in the individual processing operations. Detailed information about the cookies used can be found in the cookie settings or in the Consent Manager of this website.

What rights do I have?

Under the conditions of the legal provisions of the General Data Protection Regulation (GDPR), you as the data subject have the following rights:

What are my rights?

Under the conditions of the legal provisions of the General Data Protection Regulation (GDPR), you as the data subject have the following rights:

• Information pursuant to Art. 15 GDPR about the data stored about you in the form of meaningful information about the details of the processing and a copy of your data;

• Rectification pursuant to Art. 16 GDPR of inaccurate or incomplete data stored by us;

• Deletion pursuant to Art. 17 GDPR of the data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;

• Restriction of processing pursuant to Art. 18 GDPR, insofar as the accuracy of the data is disputed, the processing is unlawful, we no longer need the data and you refuse to have it deleted because you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing pursuant to Art. 21 GDPR.

• Data portability pursuant to Art. 20 GDPR, insofar as you have provided us with personal data within the scope of consent pursuant to Art. 6(1)(a) GDPR or on the basis of a contract pursuant to Art. 6(1)(b) GDPR and this data has been processed by us using automated procedures. You will receive your data in a structured, commonly used and machine-readable format, or we will transfer the data directly to another controller, insofar as this is technically feasible.

• Objection pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this is based on Art. 6(1)(e), (f) GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct marketing. The right to object does not apply if there are compelling legitimate grounds for the processing or if the processing is for the establishment, exercise or defence of legal claims. If the right to object does not apply to individual processing operations, this is indicated there.

• Revocation of your consent in accordance with Art. 7(3) GDPR with effect for the future.

• Complaint pursuant to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.

How is my data processed in detail?

Below, we provide information about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data and the respective storage period. Automated decision-making in individual cases, including profiling, does not take place.

Provision of the website

Type and scope of processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

• IP address of the requesting computer

• Date and time of access

• Name and URL of the file accessed

• Website from which access is made (referrer URL)

• Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

[Our website is not hosted by us, but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR.]

Purpose and legal basis

Processing is carried out to protect our overriding legitimate interest in displaying our website and ensuring security and stability on the basis of Art. 6(1)(f) GDPR. The collection of data and storage in log files is essential for the operation of the website. There is no right to object to the processing due to the exception under Art. 21(1) GDPR. Insofar as further storage of the log files is required by law, processing is carried out on the basis of Art. 6(1)(c) GDPR. There is no legal or contractual obligation to provide the data, but it is technically impossible to access our website without providing the data.

Storage period

The aforementioned data is stored for the duration of the website display [and, for technical reasons, for a maximum of [7 days]].

Contact form

Type and scope of processing

On our website, we offer you the opportunity to contact us via a form provided. The information collected via mandatory fields is necessary to process your enquiry. In addition, you can voluntarily provide additional information that you consider necessary for processing your contact enquiry.

When using the contact form, your personal data will not be passed on to third parties.

Purpose and legal basis

The processing of your data through the use of our contact form is carried out for the purpose of communicating and processing your enquiry on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. If your enquiry relates to an existing contractual relationship with us, the processing is carried out for the purpose of fulfilling the contract on the basis of Art. 6 (1) (b) GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to process your enquiry without providing the information in the mandatory fields. If you do not wish to provide this data, please contact us by other means.

Storage period

If you use the contact form on the basis of your consent, we will store the data collected for each enquiry for a period of three years, beginning with the completion of your enquiry or until you revoke your consent.

[If you use the contact form within the framework of a contractual relationship, we will store the data collected for each enquiry for a period of [three years] from the end of the contractual relationship.

Newsletter

Type and scope of processing

If you register on our website to receive our newsletter, we collect your email address [and your name…] and store this information together with the date of registration and your IP address. You will then receive an email in which you must confirm your registration for the newsletter (double opt-in). If you do not confirm your registration within [XX hours], it will automatically expire and the data will not be processed for the purpose of sending the newsletter.

[The newsletter is sent directly by us. Your data will not be passed on to third parties or processors within the meaning of Art. 28 GDPR.

[We use a service provided by [service providers] to send the newsletter, who process your personal data on our behalf in accordance with Art. 28 GDPR. Your data will not be passed on to third parties.]

Purpose and legal basis

We process your data for the purpose of sending the newsletter on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. By unsubscribing from the newsletter, you can declare your revocation at any time with effect for the future in accordance with Art. 7 (3) GDPR. There is no legal or contractual obligation to provide your data, but it is not possible to send the newsletter without providing your data.

Storage period

After you subscribe to the newsletter, we store your data for a maximum of [XX hours] until your subscription is confirmed. After successful confirmation, we store your data until you revoke your consent (unsubscribe from the newsletter) [and for technical reasons for a maximum of [7 days] beyond that.

CDNJS

Type and scope of processing

We use CDNJS to ensure the proper provision of content on our website. CDNJS is a service provided by Cloudflare, Inc., which acts as a content delivery network (CDN) on our website.

A CDN helps to deliver content from our online offering, in particular files such as graphics or scripts, more quickly with the aid of regionally or internationally distributed servers. When you access this content, you establish a connection to Cloudflare, Inc. servers, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of CDNJS.

Purpose and legal basis

The use of the content delivery network is based on our legitimate interests, i.e. our interest in the secure and efficient provision and optimisation of our online offering in accordance with Art. 6(1)(f) GDPR.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data transfer to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified under the EU-US Data Privacy Framework (EU-US DPF).

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-US DPF), we have agreed on other appropriate safeguards with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise specified, these are standard contractual clauses of the European Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, we will obtain your consent in accordance with Art. 49 (1) sentence 1 lit. a GDPR prior to such a transfer to a third country, which you can give via the Consent Manager (or other forms, registrations, etc.). We would like to point out that third-country transfers may involve unknown risks (e.g. data processing by security authorities in the third country, the exact scope and consequences of which we do not know, over which we have no influence and of which you may not be aware).

Storage period

We have no influence on the specific storage period of the processed data; this is determined by Cloudflare, Inc. Further information can be found in the privacy policy for CDNJS: https://www.cloudflare.com/privacypolicy/.

Google Ads

Type and scope of processing

We have integrated Google Ads into our website. Google Ads is a service provided by Google Ireland Limited to display targeted advertising to users. Google Ads uses cookies and other browser technologies to evaluate user behaviour and recognise users.

Google Ads collects information about visitor behaviour on various websites. This information is used to optimise the relevance of the advertising. Furthermore, Google Ads delivers targeted advertising based on behavioural profiles and geographical location. Your IP address and other identification features such as your user agent are transmitted to the provider.

If you are registered with a Google Ireland Limited service, Google Ads can assign the visit to your account. Even if you are not registered with Google Ireland Limited or have not logged in, it is possible that the provider may find out and store your IP address and other identifying features.

In this case, your data will be passed on to the operator of Google Ads, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Purpose and legal basis

The use of Google Ads is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-US DPF), we have agreed on other appropriate safeguards with the recipients of the data within the meaning of Art. 44 ff. GDPR. Unless otherwise specified, these are standard contractual clauses of the European Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Storage period

We have no influence on the specific storage period of the processed data; this is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google Ads: https://policies.google.com/privacy.

Google Analytics

Type and scope of processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for example, the number of visits to our online offering, subpages visited and the length of time visitors spend on the site.

Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users.

This information is used, among other things, to compile reports on website activity.

Purpose and legal basis

The use of Google Analytics is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

Storage period

Google CDN

Type and scope of processing

We use Google CDN to ensure the proper provision of content on our website. Google CDN is a service provided by Google Ireland Limited, which acts as a content delivery network (CDN) on our website.

A CDN helps to provide content from our online offering, in particular files such as graphics or scripts, more quickly with the aid of regionally or internationally distributed servers. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google CDN.

Purpose and legal basis

Storage period

We have no influence on the specific storage period for the processed data; this is determined by Google Ireland Limited. Further information can be found in the privacy policy for Google CDN: https://policies.google.com/privacy.

Google DoubleClick

Type and scope of processing

We have integrated components from Google DoubleClick into our website. DoubleClick is a Google brand under which special online marketing solutions are primarily marketed to advertising agencies and publishers. DoubleClick by Google transfers data to the DoubleClick server with every impression, click or other activity.

Each of these data transfers triggers a cookie request to the browser of the person concerned. If the browser accepts this request, DoubleClick sets a cookie in your browser.

DoubleClick uses a cookie ID that is necessary for the technical process. The cookie ID is required, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to track which advertisements have already been displayed in a browser in order to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to track conversions. Conversions are tracked, for example, when a user has previously seen a DoubleClick advertisement and subsequently makes a purchase on the advertiser’s website using the same internet browser.

A DoubleClick cookie does not contain any personal data, but may contain additional campaign identifiers. A campaign identifier is used to identify the campaigns you have already been exposed to on other websites. As part of this service, Google obtains data that Google also uses to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website. In this case, your data is passed on to the operator of DoubleClick, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Further information and the applicable data protection regulations of DoubleClick by Google can be found at https://policies.google.com/privacy.

Purpose and legal basis

We process your data with the help of the DoubleClick cookie for the purpose of optimising and displaying advertising on the basis of your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Among other things, the cookie is used to place and display user-relevant advertising and to create or improve reports on advertising campaigns. Furthermore, the cookie serves to prevent the same advertisement from being displayed multiple times. Each time you visit one of the individual pages of our website on which a DoubleClick component has been integrated, your browser is automatically prompted by the respective DoubleClick component to transmit data to Google for the purpose of online advertising and commission billing. There is no legal or contractual obligation to provide your data. If you do not give us your consent, you can still visit our website without restriction, but not all functions may be fully available.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. Data transfers to the USA are carried out in accordance with Art. 45 (1) GDPR on the basis of the adequacy decision of the European Commission. The US companies involved and/or their US subcontractors are certified under the EU-US Data Privacy Framework (EU-US DPF).

Storage period

Google Tag Manager

Type and scope of processing

We use Google Tag Manager from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface and enables us to control the precise integration of services on our website.

This allows us to flexibly integrate additional services in order to evaluate user access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

Storage period

Google reCAPTCHA

Type and scope of processing

We have integrated components from Google reCAPTCHA into our website. Google reCAPTCHA is a service provided by Google Ireland Limited that enables us to distinguish whether a contact request originates from a natural person or is automated by a programme. When you access this content, you establish a connection to servers of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, whereby your IP address and, if applicable, browser data such as your user agent are transmitted. Furthermore, Google reCAPTCHA records the user’s dwell time and mouse movements in order to distinguish automated requests from human ones. This data is processed exclusively for the above-mentioned purposes and to maintain the security and functionality of Google reCAPTCHA.

Purpose and legal basis

The use of Google reCAPTCHA is based on your consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) TDDDG.

In cases where no adequacy decision by the European Commission exists (including US companies that are not certified under the EU-US DPF), we have agreed on other appropriate safeguards with the recipients of the data within the meaning of Art. 44 ff. GDPR. Unless otherwise specified, these are standard contractual clauses of the European Commission in accordance with Implementing Decision (EU) 2021/914 of 4 June 2021. You can view a copy of these standard contractual clauses at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

Storage period

VideoJS CDN

Type and scope of processing

We have integrated VideoJS CDN into our website. VideoJS CDN is a component of the Brightcove Inc. video platform, which allows users to upload content, share it via the internet and receive detailed statistics.

VideoJS CDN enables us to integrate content from the platform into our website.

VideoJS CDN uses cookies and other browser technologies to evaluate user behaviour, recognise users and create user profiles. This information is used, among other things, to analyse the activity of the content listened to and to create reports.

When you access this content, you connect to servers belonging to Brightcove Inc., Boston, Massachusetts, US, whereby your IP address and, if applicable, browser data such as your user agent are transmitted.

Purpose and legal basis

The use of VideoJS CDN is based on your consent in accordance with Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG.

Storage period

We have no influence on the specific storage period of the processed data; this is determined by Brightcove Inc. Further information can be found in the privacy policy for VideoJS CDN: https://www.brightcove.com/de/legal/privacy.