Data protection and data security are among the most important principles of WSW Software GmbH. WSW Software GmbH attaches great importance to the protection of privacy and observes the legal data protection regulations. In the following, we explain how we handle your personal data.
Table of contents
1. person in charge
Responsible for the collection, processing and use of your personal data within the meaning of the GDPR is:
WSW Software Limited Liability Company
Phone: +49 (0) 89 89 50 89-0
Fax: +49 (0) 89 89 50 89-190
Managing Director: Klaus Müer
1.1 Name and contact details of the data protection officer
Tel.: +49 (0) 89 89 50 89 160
1.2 Legal bases for the processing
Insofar as we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) of the General Data Protection Regulation (GDPR) serves as the legal basis.
We process your personal data for the performance of contracts and rely on Article 6(1)(b) DSGVO as the legal basis for this. This also applies to processing operations for the implementation of pre-contractual measures.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) DSGVO serves as the legal basis.
If the processing is necessary to protect a legitimate interest of our company and the interests, fundamental rights and freedoms of the data subject do not override the former interest, Article 6(1)(f) DSGVO serves as the legal basis for the processing. Our interests in data processing are in particular to ensure the operation and security of the website, to study the way visitors use the website and to facilitate the use of the website.
Types of data processed:
- Contact information (e.g., email, phone numbers);
- Content data (e.g. text input, photographs);
- Usage data (e.g. web pages visited, interest in content, access times);
- Meta/communication data (e.g. device information, IP addresses);
Visitors and users of the online offer. In the following, we also refer to the persons concerned collectively as "users".
Purpose of processing
- Provision of the online offer, its functions and contents;
- Respond to contact requests and communicate with users;
- Reach measurement/marketing
- Feedback (e.g. collecting feedback via online form)
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
"Processing" means any operation or set of operations which is performed upon personal data, whether or not by automatic means. The term is broad and includes virtually any handling of data.
Controller" means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data.
We have leased data centers for the operation and provision of this website. These data centers comply with various certifications, including ISO 27001.
The hosting services used by us serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services, which we use for the purpose of operating this online offering.
In doing so, we or our hosting provider process inventory data, contact data, content data, contract data, usage data, meta data and communication data of customers, interested parties and visitors of this website on the basis of our legitimate interests in an efficient and secure provision of this online offer pursuant to Article 6 (1) letter f DSGVO in conjunction with Article 28 DSGVO. Article 28 DSGVO (conclusion of order processing contract).
The data centers are located in the European Union. To the extent that personal data of EU citizens is transferred to data centers outside the European Union, we only transfer data to a third country if an adequacy decision pursuant to Article 45 of the GDPR or appropriate safeguards pursuant to Article 46 of the GDPR are in place. As a rule, we achieve appropriate safeguards under Article 46 DSGVO and an adequate level of data protection by concluding the Standard Contractual Clauses (SCC) issued by the European Commission with the receiving entity.
Unless specifically stated, we store personal data only for as long as necessary to fulfill the purposes pursued.
2 General use of this website
If you would like to prevent further cookies from being accepted by your browser, to be notified when you receive new cookies, or to turn off all cookies, access the Help function in the menu bar of your web browser. Similar features to Flash cookies used by browser add-ons can be disabled or deleted by either changing the settings of the browser add-on or following the disabling instructions on the respective manufacturer's website.
To manage your cookie settings, simply click on the button with the fingerprint on the bottom left of your page and select which cookies you want to allow.
2.2 Use of web fonts
This site uses so-called web fonts for the uniform display of fonts, which are provided by MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, USA. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
For this purpose, the browser you use must connect to the servers of MyFonts. This enables MyFonts to know that our website has been accessed via your IP address. The use of MyFonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) DSGVO. If your browser does not support web fonts, a standard font is used by your computer.
For more information about MyFonts, please visit:
2.3 Access data
WSW collects information about you when you use this website. We automatically collect information about your usage behavior and your interaction with us and register data about your computer or mobile device. We collect, store and use data about each access to our online offer (so-called server log files). The access data includes the name and URL of the accessed file, date and time of access, amount of data transferred, notification of successful access, browser type and version, operating system, referrer URL (i.e. the previously visited page), IP address and the requesting provider.
We use this log data without assigning it to you personally or otherwise profiling it for statistical evaluations for the purpose of the operation, security and optimization of our online offer, but also for the anonymous recording of the number of visitors to our website (traffic) as well as the scope and type of use of our website and services. Based on this information, we can analyze traffic, search for and correct errors and improve our services. We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete indications. We store IP addresses in the log files for a limited period of time if this is required for security purposes or necessary for the provision of services or the billing of a service. We also store IP addresses if we have a concrete suspicion of a criminal offense in connection with the use of our website. In addition, we store the date of your last visit as part of your account (e.g. when registering, logging in, clicking links, etc.).
The legal basis for the data processing is Article 6 (1) sentence 1 letter f DSGVO. Our legitimate interest follows from the purposes of data collection listed above.
2.4 Contact via e-mail or contact form
Processing purposes and legal bases
We enable you to contact us easily by means of a general e-mail address as well as a contact form. The data you provide or enter will be stored for the purpose of individual communication, such as processing your request. We thus ensure that an exchange with you as well as the processing of further inquiries always takes place promptly.
By entering your data in our contact form, you consent to the processing of this data. The consent constitutes the legal basis for the processing pursuant to Article 6(1)(a) DSGVO.
If you contact us to request a quote, the data entered in the contact form will be processed to carry out pre-contractual measures in accordance with Article 6(1)(b) DSGVO.
Recipient of the data
Our website is maintained by a service provider who acts as a processor for us.
If you send us an inquiry regarding an offer, service providers used by us may receive data for these purposes, provided that they need the data to fulfill their respective service. All service providers are contractually obligated to treat your data confidentially.
Data will be deleted no later than 6 months after processing the request.
If a contractual relationship arises, we are subject to statutory retention periods of up to ten years.
Necessity of the provision
The provision of personal data is neither legally nor contractually required. However, without the information a processing of the request is not possible.
You can find information about your right to object under point 3.6 of this data protection declaration.
2.5 Marketing Automation with SALESmanago
On our website we use the service "SALESmanago" of BENHAUER Sp. z o.o. 21 Grzegórzecka St. 31-532 Krakow, Poland.
This service stores text files (cookies) locally on your terminal device to enable recognition when you visit our website again. With this recognition option, we create an initially pseudonymized user profile in order to subsequently provide you with personalized advertising.
This initially pseudonymized usage profile will not be merged with your personal data without your express consent, which must be given separately. Insofar as such a combination takes place, this is based on the legal basis of consent previously given by you in accordance with Article 6 (1) sentence 1 letter a) DSGVO. In this case, your user profile may be merged with the following, possibly personal data and used:
- First and last name
- E-mail address
- IP address
- Times of visits to online offers of WSW Software GmbH
- Technical browser settings
- Information about the company and position in the company
Furthermore, you can subscribe to our newsletter, which is also sent via SALESmanago, on the basis of your consent pursuant to Article 6 (1) sentence 1 letter a) DSGVO. The only mandatory data for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and will be used to address you personally.
For the Subscribe to our newsletter we use the so-called double opt-in procedure. After your registration, we will send you an e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter. After your confirmation, we store the data you have provided for the purpose of sending the newsletter. If you do not confirm your subscription, your information will be automatically deleted. In addition, we store your IP address and the time of registration and confirmation in order to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
This service evaluates on our behalf whether you open the newsletter and which links you click on. This information is provided to us in aggregated form by the service provider so that we can determine whether the contents of our newsletter are of interest to you as a recipient and whether we can improve our newsletter if necessary. The legal basis for this procedure is Article 6 (1) sentence 1 letter f) DSGVO.
For the purpose of sending the newsletter, the data will only be used until the consent is revoked. Any collection, processing or use of personal data in connection with SALESmanago takes place within the territory of the European Union. There is no obligation on the part of the visitor to provide personal data in the context of the processes described above, and a refusal to do so will not have any detrimental effects.
You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the revocation by clicking on the link provided in every newsletter e-mail, by e-mail to email@example.com or by sending a message to the contact details given in the imprint.
2.6 Online surveys
To conduct surveys, we use the services of LamaPoll, a product of Lamano GmbH & Co. KG (lamapoll.de). The data is processed by LamaPoll on servers of Lamano GmbH & Co. KG, which are located in Germany. You can find more information about data security at www.lamapoll.de/Datenschutz-Sicherheit
2.7 Registration for WSW events
The personal data you provide as part of the event registration form and event registrations will be used for the purpose of event registration and implementation. We will only transfer your personal data to third parties if this is necessary to carry out the event in which you are participating. The information requested is a prerequisite to enable your participation. Consent is voluntary and is given without prejudice to the right of revocation with effect for the future, provided that there are no legal grounds to the contrary. However, non-consent may result in participation in the relevant event becoming impossible.
By registering, you agree that image and sound recordings that may be made during the event may be used for public relations purposes. The photos taken at an event may subsequently be published in print products, on the WSW website and in the employee network. WSW will not pass them on directly to third parties for other purposes. Nevertheless, we would like to point out that the photos can be accessed worldwide when published on the Internet. A further use of these photos by third parties can therefore not be generally excluded. The declaration of consent is valid from the date of registration until the time you leave the event. This declaration of consent can be revoked at any time with effect for the future. The revocation has the effect that published photos will be removed from the WSW websites and no further photos will be posted. Deletion of the photos from the websites may take a few working days after receipt of your revocation. In the case of publication of a group photo, the subsequent revocation of an individual person does not, in principle, result in the image having to be removed.
The legal basis for the processing of the data is your consent pursuant to Article 6 (1) (a) of the General Data Protection Regulation (DSGVO).
For more information on data subject rights, see the following section under "4. Data subject rights„.
2.8 Access and reach measurement
The following data are processed during the reach analysis with the Matomo tool in self-hosting:
- the browser type and version used
- the operating system used
- Country of origin
- Date and time of the request via the server
- Number of visits
- Dwell time on the website
- the external links selected by the visitor.
Before storage, the IP address of the user is anonymized.
Logs with user data are deleted after 13 months at the latest.
Insofar as we inform users about our Privacy settings ask for consent, the legal basis of this processing is Article 6(1)(a). DSGVO. Otherwise, users' personal data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6(1)(f) DSGVO).
Google Analytics 4
Google Analytics is a web analysis service. This collects usage data from our websites and enables us to compile reports on website activity and thus improve the website. The information generated by the service about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to IP anonymization on this website, your IP address will be truncated beforehand by Google within member states of the European Union or the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data processing purposes
This list represents the purposes of data collection and processing.
This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser.
- Pixel tags
This list contains all (personal) data collected during or through the use of the Service.
- IP address
- Date and time of the visit
- Usage data
- Click path
- Browser information
- Device Information
- Visited pages
- Referrer URL
- Flash version
- Location information
- Widget interactions
The following is the required legal basis for the processing of data
- Article 6 paragraph 1 sentence 1 letter a) DSGVO
Place of processing
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
The retention period is the period during which the collected data is stored for processing. The data must be deleted as soon as they are no longer needed for the specified processing purposes.
The data collected with Google Analytics is stored for a period of 14 months.
Transfer to third countries
This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you possibly having any legal remedies. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
The following is a list of the recipients of the data collected.
- Alphabet Inc.
- Google LLC
- Google Ireland Limited
In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by clicking
a. Do not give your consent to the setting of the cookie or
b. the browser add-on to disable Google Analytics HERE download and install.
Google Adwords Conversion Tracking
We use the offer of Google Adwords to draw attention to our offers with the help of advertising media (so-called Google Adwords) on external websites. Google Conversion Tracking is an analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). We can determine how successful the individual advertising measures are in relation to the data of the advertising campaigns.
The above-mentioned advertising media are delivered by Google via so-called "ad servers". For this purpose, we use ad server cookies, through which certain parameters for measuring success, such as display of the ads or clicks by users, can be measured. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually lose their validity after 30 days and, according to Google, are not intended to identify you personally. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
These cookies enable Google to recognize your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and we can recognize that the user has clicked on the ad and was redirected to this page. A different cookie is assigned to each Adwords customer. Cookies can therefore not be tracked via the websites of Adwords customers. We ourselves do not collect and process any personal data in the aforementioned advertising measures. We only receive statistical evaluations from Google. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data from the use of the advertising media; in particular, we cannot identify users on the basis of this information.
Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our state of knowledge: Through the integration of AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider learns your IP address and stores it.
If you have consented to the use of Google Ads Conversion Tracking, the legal basis for the processing of your data is this consent pursuant to Article 6(1)(a) DSGVO.
This website uses Mouseflow, a web analytics tool from Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to record randomly selected individual visits (with anonymized IP address only). This creates a log of mouse movements, mouse clicks and keyboard interaction, with the intention of randomly replaying individual visits to this website as so-called session replays as well as evaluating them in the form of so-called heatmaps and deriving potential improvements for this website from them. Furthermore, multiple choice surveys are played out via Mouseflow, with which the satisfaction with the website or certain specific contents is to be recorded. The cookie also records the display of such surveys and the participation. The cookie generated by Mouseflow is deleted after a period of 90 days. The data collected by Mouseflow is not personal and will not be disclosed to third parties and will be stored for a period of 3 months. The processing of the collected data takes place within the EU.
If you do not want Mouseflow to collect your data, you can object to this on all websites that use Mouseflow by clicking on the following link: Opt Out - Mouseflow: Easy Conversion Analytics.
You also have the option at any time to prevent the recording of usage data by the system by using this in the privacy settings.
LinkedIn Insight Tag
This website uses the conversion tool "LinkedIn Insight Tag" of LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our website ("opt-out") click here.
2.9 Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.
Integration of third-party services and content
Within our online offer, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6 paragraph 1 letter f DSGVO) in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "content").
This always requires that the third-party providers of this content perceive the IP address of the user, since without the IP address they could not send the content to their browser. The IP address is thus required for the display of this content. We endeavor to use only such content whose respective providers use the IP address only for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be combined with such information from other sources.
Within our online offer, functions and contents of the service Facebook, offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, may be integrated. This may include, for example, content such as images, videos or texts and buttons with which users can share content of this online offer within Facebook. If the users are members of the Facebook platform, Facebook can assign the call of the above-mentioned content and functions to the profiles of the users there.
Facebook: Social network; service provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; parent company: Facebook, 1 Hacker Way, Menlo Park, CA 94025, USA; website: https://www.facebook.com;
Opt-out: Settings for advertisements: https://www.facebook.com/settings?tab=ads;
Additional notes on data protection: Agreement on joint processing of personal data on Facebook pages: https://www.facebook.com/legal/terms/page_controller_addendum
Privacy notices for Facebook pages: https://www.facebook.com/legal/terms/information_about_page_insights_data.
If you do not want Facebook to be able to assign your visit to our pages to your user account, please log out of your Facebook user account beforehand.
Measurement of user interaction with our fan page
We use under https://www.facebook.com/wswsoftware/a Facebook fan page. Facebook provides us with page insights for this fan page. Page insights are aggregate data that allow us to understand how users interact with our Fan Page. Page Insights may be based on personal data collected in connection with an individual's visit to or interaction with our Fan Page and its content. In this regard, we are jointly responsible with Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook Ireland") for the processing of Insights data within the meaning of Art. 26 DSGVO and have entered into an agreement with Facebook Ireland for this purpose. You can view this agreement at https://www.facebook.com/legal/terms/page_controller_addendum find. The legal basis for our use of the Facebook Fanpage and Page Insights is a legitimate interest within the meaning of Article 6 (1) (f) of the German Data Protection Act (DSGVO), namely, with regard to the Fanpage, the use of Facebook as a channel for information about our company and, with regard to Page Insights, a better understanding of the interests of visitors to our Fanpage in order to be able to respond to these interests in a targeted manner.
We integrate the videos of the platform "YouTube" of the provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
2.10 Booking appointments via Bookings
We would like to point out that you are not obliged to use Microsoft Bookings to make an appointment. If you do not wish to use the service, please use another of the contact options offered to make an appointment.
Your personal data with regard to the use of the appointment booking option via Microsoft Bookings will not be transferred by us to third countries outside the EU or the European Economic Area. To our knowledge, which is based on the information available from Microsoft, the personal data will also not be transferred by Microsoft to third countries. We have concluded the necessary data protection agreements with Microsoft.
The processing of the data you enter in the online form is based exclusively on your consent pursuant to Article 6 (1) sentence letter a) DSGVO. You can revoke this consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. The data you entered in the online form will remain with us until you request us to delete it, revoke your consent to store it, or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory legal provisions - in particular retention periods - remain unaffected.
3. use of online communication platforms
3.1 Webinars via the GoTo Webinar platform
We use the GoToWebinar platform of LogMeIn Ireland Ltd, The Reflector, 10 Hanover Quay, Dublin 2, Ireland as a third-party provider to conduct webinars. You can find more information about how the third-party provider handles your data at https://www.goto.com/de/company/legal/privacy.
We always observe the legal requirements when selecting third-party providers and their services.
Within the scope of our offer, data of the communication participants are processed and stored on the servers of the third-party provider, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and shared screen contents.
If users are referred to third-party providers or their software or platforms in the course of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers (see above).
Notes on legal bases:
- Types of data processed: Inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text entries, photographs, videos), usage data (e.g. websites visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
- Affected persons: Communication partners, users (e.g. website visitors, users of online services).
- Purposes of processing: Contractual performance and service, contact requests and communication, office and organizational procedures.
- Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Contract performance and pre-contractual requests (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).
3.2 Microsoft Teams video conferencing function
To conduct video conferences, we use the Microsoft Teams platform of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA (hereinafter referred to as "third-party provider"). When selecting the Third-Party Providers and their services, we observe the legal requirements.
In this context, data of the communication participants is processed and stored on the servers of the third-party provider, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual and vocal contributions as well as entries in chats and shared screen contents.
If users are referred to a third-party provider or its software or platform in the course of communication, business or other relations with us, the third-party provider may process usage data and metadata for security purposes, service optimization or marketing purposes. We therefore ask you to read the data protection notice of the third-party provider at https://privacy.microsoft.com/de-de/privacystatement to note.
We only process the personal data that the applicant provides to us or that we receive in a permissible manner as part of the application process. For the use of teams, at least the following personal data of applicants is required:
- Last name
- First name
- E-mail address
Within the scope of use, further personal data may be processed by teams. This depends on the settings selected in each case and the content and functions used during use. In this respect, the text entries made by the applicant are processed in order to display them in the video conference and, if necessary, to log them. For the display of video and audio, data from the microphone of the end device of the applicant as well as from any video camera of the end device are processed according to the duration of the conference. Note: You can switch off or mute the camera or microphone yourself at any time via the Teams applications.
- Types of data processed: Inventory Data (e.g., names, addresses), Contact Data (e.g., email, phone numbers), Content Data (e.g., text entries, photographs, videos), Usage Data (e.g., web pages visited, interest in content, access times), Meta/Communication Data (e.g., , subject, description (optional), subscriber IP addresses, device/hardware information, e.g., browser).
- Affected persons: Communication partners, users (e.g. website visitors, users of online services).
- Purposes of processing: Contractual performance and service, contact requests and communication, office and organizational procedures.
4. rights of the data subject
According to the applicable laws, you have various rights regarding your personal data. If you wish to exercise these rights, please send your request by mail or by e-mail, clearly identifying yourself, to the contact details listed in sections 1 and 1.1. As a data subject, you have the following rights:
4.1 Right to information
You have the right to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
4.2 Right to rectification
You have the right to request that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes, you have the right to request the completion of incomplete personal data - also by means of a supplementary statement.
4.3 Right to erasure ("right to be forgotten")
You have the right to request that we delete personal data concerning you without undue delay and we are obliged to delete personal data without undue delay if one of the following reasons applies:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You withdraw your consent on which the processing was based pursuant to Article 6(1) DSGVO(a) or Article 9(2)(a) DSGVO and there is no other legal basis for the processing.
- You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing (e.g. legal retention periods), or you object to the processing pursuant to Article 21(2) of the GDPR.
- The personal data have been processed unlawfully.
- The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.
- The personal data was collected in relation to information society services offered pursuant to Article 8(1) DSGVO.
If we have made personal data public and we are obliged to erase it, we shall take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform data controllers which process the personal data that you have requested erasure of all links to or copies or replications of such personal data.
4.4 Right to restriction of processing
You have the right to request us to restrict processing if one of the following conditions is met:
- the accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data;
- the processing is unlawful and you refused the erasure of the personal data and requested instead the restriction of the use of the personal data;
- the personal data is no longer required for the purposes of processing, but you need the data to assert, exercise or defend legal claims;
- you have objected to the processing pursuant to Article 21(1) DSGVO, as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours.
4.5 Right to data portability
You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that
- the processing is based on consent pursuant to Article 6(1)(a) DSGVO or Article 9(2)(a) DSGVO or on a contract pursuant to Article 6(1)(b) DSGVO and
- the processing is carried out with the help of automated procedures.
When exercising your right to data portability pursuant to paragraph 1, you have the right to obtain that the personal data be transferred directly from us to another controller, to the extent that this is technically feasible.
4.6 Right of objection
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1), first sentence, points (e) or (f) DSGVO; this also applies to profiling based on these provisions. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process personal data for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is associated with such direct marketing.
4.7 Right to revoke consent under data protection law
You have the right to revoke consent to the processing of personal data at any time.
4.8 Right to complain to a supervisory authority
In accordance with Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, workplace or the place of the alleged infringement, if you consider that the processing of personal data concerning you is unlawful.
A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
5. data protection for applications
5.1 softgarden applicant portal
On our website, we offer you the opportunity to conveniently apply to us for advertised positions via a portal provided or linked specifically for this purpose. For this purpose, we use the application platform of softgarden e-recruiting GmbH, Tauentzienstraße 14, 10789 Berlin.
As part of your application process, documents uploaded by you are processed and analyzed in order to extract resume data and convert it into a structured form (so-called "CV parsing"). To ensure data subject rights and security standards, a contract for order processing has been concluded with the providing service provider. The processor is the ISO27001 certified provider Textkernel B.V. Nieuwendammerkade 26 A 5, (1022AB) Amsterdam, The Netherlands. Data processing takes place within the EU on servers in the Netherlands and Germany.
The legal basis for the processing is Section 26 (1) Sentence 1 of the German Federal Data Protection Act (BDSG) and Article 6 (1) Sentence 1 Letter f) of the German Data Protection Regulation (DSGVO), in order to initiate an employment relationship and to make the application process efficient for you. Personal data will not be transferred to third countries. Your data will be routinely deleted in accordance with the relevant retention periods.
Further information on data protection for the softgarden portal can be found under the following link: https://wsw-software.softgarden.io/de/data-security.
5.2 Applicant interviews via video conference
6. data security
We strive to take all necessary technical and organizational security measures to adequately protect your personal data from unauthorized access and misuse at all times. We only handle your personal data to the extent that this is possible in accordance with data protection regulations.
Insofar as personal data is stored or processed, this is done exclusively by certified data center operators (see under Hosting). To protect the security of your data during transmission, we use encryption methods (e.g. SSL) via HTTPS. Servers are secured by means of firewall and virus protection. Furthermore, back-up and recovery procedures as well as role and authorization concepts are a matter of course for us.
Our employees are obliged to observe the regulations of the DSGVO and the BDSG when handling data.
7. automatic decision making
8. disclosure of data to third parties, data transfer to non-EU/EEA countries
In principle, we only use your personal data within our company.
If and to the extent that we involve third parties in the performance of contracts, they will only receive personal data to the extent that the transfer is necessary for the corresponding service.
In the event that we outsource certain parts of data processing ("commissioned processing"), we contractually oblige our commissioned processors to use personal data only in accordance with the requirements of data protection laws and to ensure the protection of the rights of the data subject.
If data transfers to third countries are unavoidable, they will be carried out exclusively in compliance with the legally regulated admissibility requirements. If the transfer of data to a third country is not for the performance of a contract, we do not have the consent of the data subject(s), the transfer is not necessary for the assertion, exercise or defense of legal claims, and no other exemption applies, we will only transfer data to a third country if an adequacy decision pursuant to Article 45 of the GDPR or appropriate safeguards pursuant to Article 46 of the GDPR are in place. As a rule, we achieve appropriate guarantees under Article 46 of the GDPR and an adequate level of data protection by concluding the Standard Contractual Clauses (SCC) issued by the European Commission with the receiving entity.
9. changes to the data protection notice
WSW Software GmbH reserves the right to change the data protection information in order to adapt it to changed legal situations or in the event of changes to the service and data processing. However, this only applies with regard to declarations on data processing. Insofar as user consent is required or components of the data protection information contain provisions of the contractual relationship with the users, the changes will only be made with the consent of the users.
We ask our users to regularly inform themselves about the content of the data protection notice.
Status: April 2023 / Version 14.2