[As of: 21.08.2025]
With this information, the controller named in section 1 ("We") informs the user of the website ("you" or "user") in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR) about the collection and processing of personal data. At the same time, we inform you if we store information on the end device you use when accessing our websites or if we access information that is already stored on your end device.
For the use of websites of other providers, to which reference is made e.g. via links, the data protection information provided there applies.
A. General Information
1. Controller and Data Protection Officer
1.1 Controller
The data controller for this website is: …[Implementation note: Name, postal address, email address of the controller, cf. Art. 13(1)(a) and Art. 14 GDPR.]
1.2 Data Protection Officer
You can reach the data protection officer by email at [Note: Enter the email address of the data protection officer, but this is not mandatory], or via the address in section 1.1 with the address supplement "c/o the Data Protection Officer." [Implementation note: If there is no obligation to appoint a data protection officer, the preceding sentence is replaced by: "We are not required to appoint a data protection officer." cf. Art. 13(1)(b) and Art. 14 GDPR.]
1.3 Hosting
Our website is hosted by ALL-INKL.COM (www.all-inkl.com), i.e., technically provided on the web servers of this web host. The web host is a processor commissioned by us in accordance with Art. 28 GDPR. [Implementation note: the last sentence is only correct if you have actually concluded a data processing agreement with us.]
2. Rights of the Data Subject
As a "data subject," you have the following rights if personal data concerning you is collected by us:
2.1 Right of Access
You can request access to your personal data that we process in accordance with Art. 15 GDPR.
2.2 Right to Object
You have a right to object for reasons arising from your particular situation according to Art. 21(1) GDPR. We will inform you about this separately from this information under section "B".
2.3 Right to Rectification
If the information concerning you is no longer accurate, you can request a rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request its completion.
2.4 Right to Erasure
You can request the erasure of your personal data under the conditions of Art. 17 GDPR.
2.5 Right to Restriction of Processing
In the cases of Art. 18 GDPR, you have the right to request a restriction of the processing of your personal data ("blocking").
2.6 Right to Lodge a Complaint
If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77(1) GDPR.
2.7 Right to Data Portability
In the event that you have provided us with personal data in accordance with Art. 20(1) GDPR, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a structured, commonly used and machine-readable format. The collection of data for the provision of the website and the storage of log files (see section 3.1 below) are strictly necessary for the operation of the website. They are therefore not based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, but are justified under Art. 6(1)(f) GDPR. The requirements of Art. 20(1) GDPR are therefore not met in this respect.
3. Procedure: Provision of the Website and Creation of Log Files
3.1 What data is processed for what purpose?
Each time the content of the website is accessed, the web server of our web host, where our website is stored, temporarily collects and stores information (data) from the internet browser of the user's accessing computer or end device. This data may allow for the identification of the user and is therefore personal data.
3.1.1 The following data is collected and stored by our web host:
- IP address of the user,
- Date and time of the website access,
- The protocol, e.g., HTTP,
- The request method "Get" or "Post",
- Content of the request or specification of the retrieved file that was transmitted to the user,
- The access status (successful transmission, error, etc.),
- The amount of data transferred in bytes,
- Inbound and outbound data traffic ("traffic"),
- A process identification number ("Process ID"),
- The time it took for the web server to respond to the user's request,
- The website from which the user's access originated,
- The browser used by the user, the operating system, the interface, the browser language, and the version of the browser software.
3.1.2
The temporary storage of this user data is necessary for the course of a website visit in order to enable the delivery of the website. For this purpose, the user's IP address must necessarily be stored for the duration of the session (i.e., the website visit).
3.1.3
Further storage of the IP address with the aforementioned data from the list above for this purpose takes place in log files. This is done so that our web host can ensure the functionality of the website and the security of the information technology systems.
3.2 On what legal basis is this data processed?
The data from section 3.1 is collected and processed by our web host for the aforementioned temporary storage purpose and also for the further storage purpose in accordance with Art. 6(1)(f) GDPR. This purpose also constitutes the legitimate interest in data processing. This legitimate interest is the interest of our web host, but also our legitimate interest in a functional website.
3.3 Are there other recipients of the aforementioned data besides the controller?
Our web host, as our processor, has technical access to the data mentioned in 3.1.
3.4 How long is the data stored?
The data from 3.1.1 is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of providing the website, this is the case when the respective session is ended. The log files are kept for a maximum of 7 days, unless a security incident requires longer storage. [Implementation note: Here you must describe any different individual handling on your part, deviating from the standard text.]
3.5 Is there an obligation to provide the data?
You must provide the data from 3.1 to our web host. Otherwise, you cannot technically use our website and our web host cannot guarantee secure technical operation.
4. Data Processing Procedures
4.1 Data and information processing requiring consent
Insofar as we may only collect and process personal data with your consent, we provide information on this in our consent banner in the context of the consent dialog.
4.2 Use of email address and contact form data based on legitimate interests
4.2.1 What data is processed for what purpose?
Insofar as we provide you with an email address and a contact form with input fields, this serves the purpose of allowing you to contact us. If you transmit personal data to us, it will be stored and processed by us for the purpose of contacting you. [Implementation note: If you design your contact form for other purposes, you must change the standard text and also inform about these purposes. For example, if you also forward the entered and transmitted personal data for third-party advertising.]
4.2.2 On what legal basis is this data processed?
The data from section 4.2.1 is processed on the basis of Art. 6(1)(f) GDPR (legitimate interest of us as the controller). If your request is aimed at concluding a contract, then Art. 6(1)(b) GDPR is an additional legal basis (initiation, conclusion, and performance of a contract).
4.2.3 Are there other recipients of the aforementioned data besides the controller?
Our web host, as our processor, has technical access to the data mentioned in 4.2.1. [Note: If you use another service provider (mail provider), it should be named instead of "Our web host".]
4.2.4 How long is the data stored?
The data from 4.2.1 is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent to us via email or the contact form, this is the case when the respective correspondence with the user has ended and storage is no longer necessary for other reasons. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been finally clarified.
4.2.5 Is there an obligation to provide the data?
You are not obliged to provide us with data from 4.2.1. You do not have to communicate with us.
4.3 Use of the session cookie "wbk_sid" based on legitimate interests
[Implementation note: If the login and contact forms are not used, section 4.3 is omitted, as this cookie is not set. If only one of the two services is omitted, the text below should be for only one or the other service.]
4.3.1 What data is processed for what purpose?
As soon as you use the login form or the contact form, the session cookie "wbk_sid" is stored on your end device by default. This cookie contains a long combination of numbers and letters ("ID"). The purpose of the cookie is to recognize the user as such when submitting login data or contact information and to distinguish them from malicious users (e.g., SPAM bots).
4.3.2 On what legal basis is this data processed?
Although the information in this cookie constitutes personal data, the use of the cookie "wbk_sid" does not require consent under data protection law because the data processing is necessary to protect the legitimate interests of the website operator and because the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, do not override them. The legal basis for data processing is therefore Art. 6(1) sentence 1(f) GDPR.
4.3.3 Are there other recipients of the aforementioned data besides the controller?
Our web host, as our processor, has technical access to the data mentioned in 4.3.1.
4.3.4 How long is the data stored?
When the user closes the browser, the cookie is automatically deleted from the user's operating system. It is therefore only valid for the duration of the visit to the websites (session cookie).
4.3.5 Is there an obligation to provide the data?
You are obliged to provide us with data from 4.3.1. Otherwise, you cannot use the login form or the contact form.
4.3.6 Consent for the use of the cookie?
Your consent to the storage of information for the "wbk_sid" cookie on your end device or our access to this information stored on your end device is not required because the storage and/or access are strictly necessary for you to be able to use the login form or the contact form (§ 25(2) No. 2 TTDSG).
4.4 <if necessary, another data processing procedure>
[Implementation note: If you want or need to inform about other data processing procedures, you can use the following structure as a template for each procedure and briefly describe the procedure in the heading, e.g., "Use of comment function"]
4.4.1 What data is processed for what purpose?
[Implementation note: your text for the other data processing procedure follows here]
4.4.2 On what legal basis is this data processed?
[Implementation note: your text for the other data processing procedure follows here]
4.4.3 Are there other recipients of the aforementioned data besides the controller?
[Implementation note: your text for the other data processing procedure follows here]
4.4.4 How long is the data stored?
[Implementation note: your text for the other data processing procedure follows here]
4.4.5 Is there an obligation to provide the data?
[Implementation note: your text for the other data processing procedure follows here]
5. Processing of Information from Your End Devices
5.1 Requirement for Consent
Insofar as we want to store information on the end device you use when visiting our websites and/or access information that is already stored on your end device, we will ask for your consent on the basis of clear and comprehensive information. This is done via a consent banner used by us. We obtain any necessary consent before we access the information. Your consent can be revoked by you at any time. For certain purposes specified in the law, however, your consent is not necessary, so we do not ask for it in these cases. Consent is not required, on the one hand, if the sole purpose of storing information on the end user's end device or the sole purpose of accessing information already stored on the end user's end device is to carry out the transmission of a communication over a public telecommunications network. On the other hand, consent to the use of your end device is not required if the storage of information on the end user's end device or access to information already stored on the end user's end device is strictly necessary for us as a provider of a telemedia service to be able to provide a telemedia service explicitly requested by the user.
5.2 Technologies Used (Cookies)
Such access to end devices is possible via certain technologies. The best-known technology involves cookies. Cookies are objects that can be stored in the internet browser or by the internet browser on the user's end device. When a user accesses a website, the server of the website operator or a third party can read the cookie stored there via the user's operating system and consequently the information stored therein. A cookie may, but does not have to, contain a characteristic string of characters that enables the user's browser to be uniquely identified when the website is accessed again.
5.3 Possibility of Removal
The user can prevent or restrict the installation of cookies by adjusting their browser settings accordingly. Cookies that have already been stored can also be deleted by the user at any time via their browser. The settings for this depend on the respective browser. However, if the user prevents or restricts the installation of cookies, this may mean that not all functions of the website can be used to their full extent. What applies to cookies also applies to other technologies that make use of the user's end device.
5.4 Technologies Requiring Consent
Our consent banner on the website provides information about cookies and similar technologies that require consent.
5.5 Technologies Not Requiring Consent
For cookies and similar technologies that do not require consent, we have documented internally that consent is not required according to § 25(2) TTDSG.
6. Consent Banner
6.1 Purpose of the Consent Banner
In order to obtain legally required consent from you for certain services or functions, or to respect your revocation in this regard, a consent banner is displayed to you. Your consent or non-consent concerns our use of your end device (computer, laptop, smartphone, tablet) through cookies or similar technologies, by which information can be stored on or read from your end device. Your consent may also be required for the processing of personal data by us or third parties in accordance with Art. 6(1) sentence 1(a) GDPR, which is associated with your use of our websites. In certain cases, the law permits us to use your end device without consent and/or also to subsequently process your personal data without your consent.
6.2 Functionality of the Consent Banner
The consent banner informs you about all services or functions that require your consent before we use the service or function. The consent banner consists of an overview of all processing operations requiring consent and describes details for each so that you as a user can assess the meaning and scope of your consent. You can consent to each process via a button/click area by activating it or reject this process by deactivating it. There are three decision options:
- Selecting "Make selection and save" results in the user's decision being saved as they made it through their selection via the buttons/click area. All services and functions requiring consent to which the user agrees are active and can be used. The services and functions that cannot be used without consent are not integrated on the website.
- Selecting "Reject all and save" results in this decision not being saved. The user's decision is thus that they do not consent to anything that requires their consent, which means that all services and functions requiring consent will not work for this user. The banner is hidden.
- Selecting "Accept all and save" means that all services and functions requiring consent are "live". This means that you have given consent in accordance with the GDPR and also agree to the use of your end device. The banner is then hidden.
During their further use of the websites, the user can actively trigger the display of the consent banner by revoking a previously granted consent or by providing a consent that was not initially required. To do this, they click on the "Consent settings" link. The consent banner will reappear.
Your consent can therefore be revoked at any time with effect for the future. A later revocation no longer affects the lawfulness of the access or storage of information that took place up to the point of revocation.
6.3 Storage of Consent
All three of the user's decisions mentioned ("Make selection and save", "Reject all and save", or "Accept all and save") are each stored via the browser of the user's end device in the so-called "Local Storage" on the user's end device. The storage there is permanent. The information is stored in the object "wbkConsent". This technique is not a cookie in the strict sense. The information in "wbkConsent" also has no personal reference, i.e., the user is not recognized if they visit the WBK user's website again. The selection decision for consent is not stored on our server. This use of the user's end device is exempt from consent according to § 25(2) No. 2 TTDSG (user request). [Implementation note: If you integrate content requiring consent into your website and do not link it to the consent banner (which we strongly advise against), then not all information under points 5 and 6 is correct and must be adjusted.]
7. Technical Measures
7.1 SSL/TLS Encryption
For security reasons and to protect the transmission of confidential content, such as inquiries you send to us as the site operator, our websites are equipped with active SSL or TLS encryption. An encrypted connection can be recognized by the fact that the address line of the browser changes from "http://" to "https://" and a lock symbol appears in the browser line. As a result of this encryption, data that you transmit to us cannot be read by third parties. [Note: Make sure that you have a valid SSL/TLS certificate stored in the KAS and that the "Enforce SSL" option is activated. If this is not done, then section 7.1 of this privacy policy is incorrect and may not be used.]
7.2 End-to-End Communication
If you contact us using an email address provided on our websites, the transport of the content of the email to us is not end-to-end encrypted. This means that the emails are usually encrypted during transport via the participating email providers, but are unencrypted on their servers. Contacting us via the provided contact form is therefore technically a secure communication.
7.3 Video Integration
Insofar as you can view videos on our websites that are marked as external links to third-party websites, this is done exclusively via the technique of linking to the respective referenced website or to a video portal of a third-party provider. These videos are stored there under the data protection responsibility of the respective third-party provider. The respective referenced website or video portal is therefore not directly embedded in our websites. This ensures that user information is not transmitted to the portal simply by loading the webpage on which the video is integrated. It also ensures that cookies or similar technologies for tracking user activities of the portals or their advertising partners cannot be set on your end device via the mere link. Only after you deliberately click on the video preview image is a connection to the third-party provider's portal established and the associated data processing triggered. This and the possible data processing of your user data on the linked portal then happens exclusively at your request to watch the video there. The data processing triggered by this is outside our sphere of influence and is subject to the responsibility of these third-party providers, who provide more or less detailed information about their data processing. If you do not agree with the data processing by the third-party provider, please do not click on the video preview image. [Implementation note: As soon as you integrate external videos outside of the video widget described above, you must fully inform yourself about the associated use of the end devices of your website users and the associated data processing and inform your users accordingly.]
B. Special Information
Special right to object according to Art. 21(1) GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data which is based on Article 6(1)(f) GDPR (processing for the purposes of our legitimate interests or those of a third party), in accordance with Art. 21(1) GDPR. You can direct the objection to the address in section 1.1.
We will then no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves for the establishment, exercise or defense of legal claims.
In the event of your objection, you must explain to us in detail your potentially existing interests (your "particular situation"), so that we can carry out a new balancing of interests. If our interests in further storage do not override, the personal data stored in the course of contacting us will be deleted. If they still override, the data processing will be continued by us.
[Implementation note: Art. 21(4) GDPR requires that the notice of the special right to object must be provided in an intelligible and "in a form separate from other information". Therefore, this GDPR right is not in Chapter A, Section 2 – Rights of the Data Subject – but here at the end of the data protection information]