The controller responsible for data processing on this website is:
Wegener + Stapel GmbH & Co. KG
Goldbergweg 22
D-29303 Bergen
phone: +49 5051 478-0
fax: +49 5051 478-20
e-Mail: info(at)wegenerplusstapel.com
The controller decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, contact details, etc.).
We have appointed a data protection officer.
Tim Walter
Hafenstraße 1a
23568 Lübeck
E-Mail: tim.walter(at)hub24.de
We have designed the website to collect as little data as possible from you. In doing so, we always ensure that your personal data is only processed in accordance with a legal basis or with your consent. We comply with the provisions of the General Data Protection Regulation (GDPR) in force since 25 May 2018 and the applicable national regulations, such as the Federal Data Protection Act, the Telecommunications Telemedia Data Protection Act or other more specific laws on data protection.
We always process your personal data for a specific purpose.
In summary, we process your personal data for the following purposes:
a) To be able to process your request when you contact us (e.g. email address, first name, surname);
b) For the technical realisation of our website and to be able to provide you with our information on this website (e.g. IP address, cookies, browser information)
c) To receive and process an application from you for one of our job vacancies.
We process personal data that is required for the establishment, implementation or processing of our range of services (contract processing) on the legal basis of Art. 6 para. 1 lit. b GDPR. Insofar as we obtain your consent for the processing of your personal data, the consent pursuant to Art. 6 para. 1 lit. a GDPR forms the legal basis for data processing. Data processing is also permitted if we process your data to protect our legitimate interests and your interests or fundamental rights and freedoms with regard to the processing of personal data do not outweigh this. (Art. 6 para. 1 lit. f GDPR) If we use external service providers as part of commissioned data processing, the processing is carried out on the legal basis of Art. 28 GDPR.
When using the website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. f GDPR):
· IP address
· Date and time of the enquiry
· Time zone difference to Greenwich Mean Time (GMT)
· Content of the request (specific page)
· Access status/HTTP status code
· Amount of data transferred in each case
· Website from which the request originates
· browser
· Operating system and its interface
· Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Further information on this can be found under ‘Cookies’ in this privacy policy.
Cookies are small text files that are stored on your data carrier and save certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the domain from which the cookie data was sent as well as information about the age of the cookie and an alphanumeric identifier.
Cookies enable our systems to recognise the user's device and make any default settings immediately available. As soon as a user accesses the platform, a cookie is transferred to the hard drive of the user's computer. Cookies help us to improve our website and offer you a better and more personalised service. They enable us to recognise your computer or (mobile) device when you return to our website and thereby:
- Store information about your favourite activities on the website and thus tailor our website to your individual interests.
- Speed up the processing of your enquiries.
Cookies are only used for the technical realisation of this website.
You can contact us by e-mail. In this case, we store the personal data transmitted by you in order to process your request and to contact you to process your request. The requested data is transmitted to us by you on a purely voluntary basis.
Depending on the type of enquiry, the legal basis for this processing is Art. 6 para. 1 lit. b GDPR for enquiries that you make yourself as part of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. f GDPR if your enquiry is of a different nature. The legitimate interest follows from the aforementioned purposes. If personal data is requested that we do not need for the fulfilment of a contract or to protect legitimate interests, it will be transmitted to us on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR.
Microsoft Teams is a service provided by Microsoft Ireland Operations, Ltd.
- We have concluded a data processing agreement with the provider for this purpose.
Microsoft Teams is part of the Office 365 cloud application and Microsoft reserves the right to process customer data for its own business purposes.
We have concluded data protection agreements and EU standard contracts with Microsoft to guarantee a minimum level of data protection. Furthermore, appropriate default settings have been made to fulfil the requirements of the GDPR. These are regularly reviewed in order to maintain an appropriate level of data protection.
To the extent Microsoft processes personal data in connection with Microsoft's legitimate business operations, Microsoft is an independent data controller for such use and, as such, is responsible for compliance with all applicable laws and data controller obligations.
The following personal data is processed: User details:
• Display name,
• e-mail address,
• Preferred language,
• Metadata: e.g. date, time, telephone number, location.
Various types of data are processed when using ‘Microsoft Teams’. The scope of the data depends on the information you provide before or when participating in an ‘online meeting’. We also use Teams to conduct job interviews. These interviews are not recorded.
Details of the user / applicant:
• First name,
• Surname,
• Telephone (optional),
• e-mail address, password (if ‘single sign-on’ is not used),
• Profile picture (optional),
• Department (optional)
• Topic, description (optional),
• Subscriber IP addresses,
• Device/hardware information
• Information on the incoming and outgoing call number,
• country name,
• start and end time.
If necessary, further connection data such as the IP address of the device can be saved.
You may have the option of using the chat, question or survey functions in an ‘online meeting’. In this respect, the text entries you make are processed in order to display them in the ‘online meeting’ and, if necessary, to log them. In order to enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device will be processed accordingly for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time via the ‘Microsoft Teams’ applications.
To participate in an ‘online meeting’ or enter the ‘meeting room’, you must at least provide information about your name.
Automated decision-making within the meaning of Art. 22 GDPR is not used.
The use of ‘Microsoft Teams’ is based on Art. 6 para. 1 lit. f) GDPR. In these cases, we are interested in the effective organisation of online meetings and cooperative collaboration.
Otherwise, the legal basis for data processing when conducting ‘online meetings’ is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) GDPR. Here too, we have an interest in the effective organisation of online meetings.
Personal data that is processed in connection with participation in ‘online meetings’ is not passed on to third parties unless it is intended to be passed on.
The provider of Microsoft necessarily receives knowledge of the above-mentioned data insofar as this is provided for in our order processing contract with Microsoft.
The data collected by Microsoft is stored exclusively on European servers.
We publish job vacancies on our website that you can apply for by e-mail. If you decide to apply for an open position, we will process the personal data you provide there and transmit to us exclusively for the purpose of carrying out the application process.
The legal basis for the processing of your personal data as part of the application process is Section 26 (1) in conjunction with (2) BDSG.
In the event of a rejection, we will delete your data as soon as a retention period of 6 months required by labour law has expired. This period begins when the rejection is sent. If you have expressly consented to the further use of your data for subsequent contact regarding positions that may be of interest to you, we will continue to store your data in accordance with your consent.
If an employment relationship is established following the application process, the data will initially continue to be stored to the extent necessary and permitted and then transferred to the personnel file.
Otherwise, data will only be transferred to recipients outside the company if this is permitted or required by law, if the transfer is necessary to fulfil legal obligations or if you have given your consent. A transfer to a third country is not intended.
The provision of personal data as part of the application process is not required by law or contract. You are therefore not obliged to provide the personal data. However, the provision of personal data is necessary for the decision on an application or the conclusion of a contract of employment with us. However, you should only provide the personal data that is necessary for the acceptance and realisation of your application. If you do not provide us with any personal data in an application, we cannot make a decision on the establishment of an employment relationship.
Please note that applications that you send to us by e-mail are transmitted unencrypted. In this respect, there is a risk that unauthorised persons may intercept and use this data.
In order to present our company in the best possible way and to communicate with you as a user, customer or interested party and to inform you about the services we offer, we make use of our presence on social networks. When using social networks, data is processed outside the European Union (EU) and the European Economic Area (EEA). An equivalent level of data protection as exists in the EU cannot be guaranteed in all countries outside the EU.
In this context, there may be risks for you as a user if the transmitted data is processed in so-called third countries with an inadequate level of data protection.
This makes it more difficult to enforce known user rights. In addition, your data may not be processed in your interest by the provider in the third country.
In the USA, there is no level of data protection comparable to the requirements of the GDPR. It is possible that government agencies may access personal data without us or you being aware of this. Enforcement of your rights is probably not possible in the USA.
In addition to the respective provider of a social network, we also collect and process personal user data on so-called ‘fan pages’. This notice informs you which data we collect from you on our social media sites, how we use it and how you can object to the use of your data. The respective data processing purposes and data categories can be found in the respective offer listed in more detail below.
The activities in social media operated by us and described in more detail below are carried out on the basis of a balancing of interests in accordance with Art. 6 para. 1 lit. f) GDPR.
To achieve this, cookies are used which record user behaviour and enable the user to be profiled.
A specific list of the purposes for which user data is processed can be found in the data protection notices of the respective providers. By making the appropriate settings in your user account, you can restrict profiling, at least to a certain extent. For the exact procedure, please read the corresponding data protection information of the respective provider.
The relevant platforms are:
| Platform | Responsible body | Data protection information of the platform operator |
| | LinkedIn Ireland Unlimited Company |
Wegener + Stapel GmbH & Co. KG operates profiles on the listed platforms in order to draw attention to products and services and to interact with customers, interested parties and other users of the platform.
In this context, the platform operators also use certain data that they have collected from users of the platform (e.g. whether a photo on a profile has been ‘liked’ or commented on) to create aggregated usage statistics and make them available to the respective operators of the profile (so-called ‘insights’ or ‘analytics’). We as the profile operator also receive such usage statistics. The information we receive as the profile operator does not allow us to draw any conclusions about individual users. The profile operator itself has no access to personal data that the platform operator processes for the creation of usage statistics. Only the respective platform operator determines which data is processed for these purposes and how. Wegener + Stapel GmbH & Co. KG, as the profile operator, has no legal or actual influence on the processing by the platform operators.
For processing in connection with the creation of usage statistics, Wegener + Stapel GmbH & Co. KG and the respective platform operator are considered joint controllers within the meaning of Art. 26 GDPR.
Where possible, joint controllership agreements are in place with the respective platform operators.
In addition, data processing by Wegener + Stapel GmbH & Co. KG as profile operator only takes place to a very limited extent:
o Processing of usernames and comments that are deleted due to a breach of netiquette. These will be retained within the limitation period to provide any necessary evidence in the event of legal disputes.
o Processing of usernames and individual messages when you contact us via messenger services
o Recruiting potential applicants on career platforms
For these purposes, we generally only process your name, message content, comment content and the profile information you have provided ‘publicly’.
You have the right:
If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.
If you wish to exercise your right of cancellation or objection, simply send an email to info(at)wegenerplusstapel.com.
Your personal data will be shared as described below.
Data will also be shared if we are authorized or required to do so by law and/or official or court orders. This may, in particular, involve providing information for the purposes of law enforcement, averting danger, or enforcing intellectual property rights.
To the extent that your data is passed on to service providers to the extent necessary, they will only have access to your personal data to the extent necessary to fulfill their tasks. These service providers are obligated to treat your personal data in accordance with applicable data protection laws, in particular the GDPR. To the extent that your personal data is processed on our behalf based on order processing agreements pursuant to Art. 28 GDPR, we ensure that the processing of personal data is carried out in accordance with the General Data Protection Regulation.
We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an appropriate level of data protection comparable to the standards within the EU is established at the recipient before transferring your personal data. This can be achieved, for example, through EU standard contracts or binding corporate rules or special agreements to whose provisions the company can submit itself.
We protect our website through technical and organizational measures against the loss, destruction, access, alteration, or distribution of your data by unauthorized persons.
In particular, your personal data is transmitted encrypted. We use the SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption system. Our security measures are continuously improved in line with technological developments.
Regarding the storage period, we delete personal data as soon as its storage is no longer necessary to fulfill the original purpose and statutory retention periods no longer apply. The statutory retention periods determine the final duration of personal data storage. After the expiration of the retention period, the corresponding data is routinely deleted. If retention periods exist, processing is restricted by blocking the data.
When you access websites linked to our website, you may be asked again for information such as your name, address, email address, browser settings, etc. This privacy policy does not govern the collection, disclosure, or handling of personal data by third parties.
Third-party service providers may have different and separate policies regarding the collection, processing, and use of personal data. Therefore, we recommend that you familiarize yourself with the third-party websites' practices for handling personal data before entering personal data.
As of: April 2024