[Status: 01.01.2025]
With this information, the responsible entity mentioned in Section 1 ("We") informs the user of the website ("You" or "User") in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR) about the collection and processing of personal data. At the same time, we inform you when we store information in the end device you use to access our website or when we access information that is already stored in your end device.
For the use of websites of other providers, which may be referenced via links, the respective data protection information of those providers applies.
If we collect personal data from you, you have the following rights as a "data subject":
You can request information under Article 15 GDPR about the personal data we process about you.
You have the right to object under the special conditions of Article 21(1) GDPR. We provide separate information about this under Section "B".
If your data is incorrect or outdated, you can request a correction under Article 16 GDPR. If your data is incomplete, you can request completion.
You may request the deletion of your personal data under the conditions of Article 17 GDPR.
You have the right under Article 18 GDPR to request the restriction of the processing of your personal data ("blocking").
If you believe that the processing of your personal data violates data protection law, you have the right under Article 77(1) GDPR to lodge a complaint with a data protection supervisory authority of your choice.
If you have provided us with personal data under Article 20(1) GDPR, you have the right to receive the data processed based on your consent or a contract in a structured, commonly used, and machine-readable format or have it transmitted to a third party. However, data collected to provide the website and stored log files (see Section 3.1 below) are necessary for operating the website and therefore do not rely on consent under Article 6(1)(a) GDPR or a contract under Article 6(1)(b) GDPR, but are justified under Article 6(1)(f) GDPR. Therefore, the conditions of Article 20(1) GDPR do not apply in this respect.
Each time content from the website is accessed, the web server of our web host, where our website is stored, temporarily collects and stores information (data) from the internet browser of the calling computer or device. This data may allow user identification and is therefore considered personal data.
User's IP address
Date and time of website access
Protocol, e.g., HTTP
Request method "GET" or "POST"
Requested content or file retrieved by the user
Access status (successful transfer, error, etc.)
Data volume transferred in bytes
Incoming and outgoing data traffic ("Traffic")
Process identification number ("Process ID")
Time taken for the web server to respond to the user's request
Referring website
User's browser, operating system, interface, browser language, and browser version
The data from Section 3.1 is collected and processed under Article 6(1)(f) GDPR, which justifies temporary and further storage for the stated purposes. The legitimate interest in processing lies in the web host's and our interest in a functional and secure website.
Our web host, as our data processor, has technical access to the data mentioned in Section 3.1.
The data in Section 3.1.1 is deleted once it is no longer necessary for its original purpose. For website provision, this is when the respective session ends. Log files are stored for up to 7 days unless a security event necessitates longer retention.
You must provide the data from Section 3.1 to our web host; otherwise, you cannot technically use our website, and our web host cannot ensure secure operations.
Where we collect and process personal data only with your consent, we inform you via our consent banner in the context of the consent dialog.
If we provide you with an email address and a contact form with input fields, this serves the purpose of enabling you to contact us. If you transmit personal data to us, it will be stored and processed for the purpose of contacting you.
The data from Section 4.2.1 is processed under Article 6(1)(f) GDPR (legitimate interest of us as the responsible entity). If your inquiry aims at concluding a contract, Article 6(1)(b) GDPR serves as an additional legal basis (initiation, conclusion, and execution of a contract).
Our web host, as our data processor, has technical access to the data mentioned in Section 4.2.1.
The data from Section 4.2.1 is deleted once it is no longer necessary for its intended purpose. For personal data sent via email or contact form, this is the case when the correspondence with the user is completed and no further storage is required for other reasons.
You are not obligated to provide the data from Section 4.2.1. You do not have to communicate with us.
4.3 Use of the Session Cookie "wbk_sid" Based on Legitimate Interests
4.3.1 What Data is Processed for What Purpose?
As soon as you use the contact form, the session cookie "wbk_sid" is automatically stored on your device. This cookie contains a long combination of numbers and letters ("ID"). The purpose of the cookie is to recognize the user in case of submitting login data or contact information and to distinguish them from malicious users (e.g., spam bots).
4.3.2 On What Legal Basis is This Data Processed?
The information in this cookie constitutes personal data. However, the use of the "wbk_sid" cookie does not require data protection consent, as data processing is necessary to safeguard the legitimate interests of the website operator, and the interests, fundamental rights, and freedoms of the data subject requiring the protection of personal data do not override these interests. The legal basis for data processing is therefore Article 6(1)(f) of the GDPR.
4.3.3 Are There Other Recipients of the Data Besides the Controller?
Our web host, as our data processor, has technical access to the data mentioned in 4.3.1.
4.3.4 How Long is the Data Stored?
Once the user closes the browser, the cookie is automatically deleted from the user's operating system. It is therefore valid only for the duration of the website visit (session cookie).
4.3.5 Is There an Obligation to Provide This Data?
You are required to provide us with the data specified in 4.3.1. Otherwise, you will not be able to use the login form or the contact form.
4.3.6 Consent to the Use of the Cookie?
Your consent to store information about the "wbk_sid" cookie on your device or our access to such stored information is not required, as storage and/or access is strictly necessary for you to use the login form or the contact form (Section 25(2)(2) TTDSG).
5 Processing of Information from Your Devices
5.1 If we wish to store information on the device you use to visit our websites and/or access information already stored on your device, we will request your consent based on clear and comprehensive information. This is done through a consent banner. We obtain the required consent before accessing the information. Your consent can be revoked at any time. However, for certain legally specified purposes, your consent is not required, and in these cases, we do not request it. Consent is not required if the sole purpose of storing or accessing information is to facilitate the transmission of a message over a public telecommunications network. Likewise, consent is not required if storage or access is strictly necessary to provide a telemedia service expressly requested by the user.
5.2 Such access to devices is possible through various technologies, the most well-known being cookies. Cookies are objects that can be stored in the internet browser or on the user's device by the browser. When a user accesses a website, the server of the website operator or a third party can read the stored cookie through the user’s operating system and retrieve the information contained in it. A cookie may, but does not have to, contain a unique identifier that enables the user's browser to be recognized upon subsequent visits.
5.3Removal Option: The user can prevent or restrict the installation of cookies by configuring their browser settings accordingly. Previously stored cookies can also be deleted at any time via the browser. The settings depend on the specific browser. Preventing or restricting cookie installation may lead to some website functions not being fully usable. The same applies to other technologies that utilize the user’s device.
5.4Cookies and Similar Technologies Requiring Consent: Our consent banner provides information about cookies and similar technologies that require consent.
5.5Cookies and Similar Technologies Not Requiring Consent: We have internally documented that consent under Section 25(2) TTDSG is not required for these technologies.
6 Consent Banner
6.1 To obtain legally required consent for certain services or functions, or to recognize your revocation of consent, we display a consent banner. Your consent or lack thereof applies to our use of your device (computer, laptop, smartphone, tablet) through cookies or similar technologies that store or retrieve information on your device. Your consent may also be required for the processing of personal data under Article 6(1)(a) GDPR in connection with your website use. In some cases, the law allows us to use your device and/or process personal data without your consent.
6.2 The consent banner provides an overview of all processing operations requiring consent and details them so that you can assess the meaning and scope of your consent. You can choose from three options:
“Select and Save”: Your selection is stored as configured. Approved services and functions are active and can be used, while non-consented services are disabled.
“Reject All and Save”: Your decision not to provide consent is stored, meaning all consent-requiring services and functions remain inactive.
“Accept All and Save”: All consent-requiring services and functions become active. This means you provide consent under GDPR and approve device access. The banner then disappears.
You can reactivate the consent banner at any time by adjusting your consent settings.
6.3 All three user choices are stored locally in the "Local Storage" of the user’s device in the "wbkConsent" object. This technology is not a cookie and does not contain personal data. The choice is not stored on our server. This use of the user's device is exempt from consent under Section 25(2)(2) TTDSG.
7 Technical Measures
7.1 SSL/TLS Encryption
Our websites use SSL/TLS encryption for security and to protect the transmission of confidential data, such as inquiries sent via our contact forms. A secure connection is indicated by "https://" in the browser address bar and a lock icon. This encryption prevents third parties from reading transmitted data.
7.2 End-to-End Communication
If you contact us via email using an address provided on our website, the content of your email is not end-to-end encrypted. While email transmission is generally encrypted via involved providers, emails remain unencrypted on their servers. Contacting us via our provided contact form ensures secure communication.
7.3 Video Embedding
If videos are available on our websites via external links to third-party sites, these are accessible only via linking to the respective third-party website or video platform. These videos are stored under the data protection responsibility of the respective third-party provider. The linked website or video platform is not embedded directly into our site. This ensures that no user information is transmitted to the portal when the webpage is loaded, and no cookies or tracking technologies are placed on your device. Only after actively clicking the video preview does a connection to the third-party portal occur, triggering data processing. This processing falls outside our control and is the responsibility of the respective third-party provider. If you do not agree with such data processing, please do not click on the video preview.
You have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data carried out under Article 6(1)(f) GDPR (processing for the protection of our legitimate interests or those of a third party) in accordance with Article 21(1) GDPR. You can submit your objection to the address in Section 1.1.
We will then cease processing your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing serves to assert, exercise, or defend legal claims.
If you object, you must provide us with any relevant interests (your "special situation") so that we can reassess our interests. If our interest in retaining the data does not outweigh your interests, the personal data collected through the contact process will be deleted. If our interests continue to prevail, we will continue processing the data.
