Privacy policy

The protection of your personal data is important to us. We process your personal data strictly in accordance with data protection regulations. These are the General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and other legal provisions. The following notes provide a simple overview of what happens to your personal data when you visit our website, contact us or how we process your personal data in the context of the business relationship

1. Contact data

1.1 Controller

Weidemann-Gruppe GmbH

Management: Robert Weidemann, Dominik Schröter

Am Alten Theater 2

39104 Magdeburg

Phone: +49 391 609 99-0

Fax: +49 391 609 99-14

E-mail: info(at)weidemann-gruppe(dot)de

 

1.2 Data protection officer

Joelle Müns

LGD Datenschutz GmbH

Rogätzer Straße 8

39106 Magdeburg

Phone: +49 391 5568632-5

Fax: +49 391 5568632-7

E-mail: j.muens(at)lgd-data(dot)de

 

2. If you contact us

You can contact us with your concerns at any time. You can do this by phone, letter, e-mail or in person.

Personal data

  • Name
  • E-Mail address
  • Phone number
  • Your message

Purpose of processing:

Reply to your request

Legal basis:

  • Art. 6 para. 1 lit. b GDPR (contract or pre-contractual measures)

  • Art. 6 para. 1 lit. f GDPR (protection of legitimate interests (reply to your request))

Data recipients:

  • Internal departments

  • Third parties to whom we forward the data at your request

Data retention:

We archive the data after completion of processing

Data that is subject to the statutory retention obligation is deleted after 6 years

Right to object:

If the data processing serves the protection of our legitimate interests, you have the right to object to the processing. Please send your objection in writing to the above address or by e-mail to info(at)weidemann-gruppe(dot)de. In the event of an objection, however, no processing of your request can take place.

 

3. Data processing on our website

When you visit our website, the following data is automatically processed:

 

3.1 Server log files

The web host automatically collects and stores information in so-called server log files, which your browser transmits to us. Your data is processed as follows:

Personal data:

  • browser type and version
  • operating system used
  • referrer URL
  • Host name of the accessing computer
  • Date and time of server request
  • IP address

Purpose of processing:

  • Operation of the website
  • Evaluation of malfunctions

Legal basis:

Art. 6 para. 1 lit. f GDPR (legitimate interest in the correct presentation of our website)

Data recipients:

  • Web host

Data retention:

  • 7 days

 

3.2 Cookies

Our website uses so-called "cookies". Cookies are small data sets and do not cause any damage to your end device. They are temporarily stored on your end device for the duration of a session (session cookies). This is technically necessary. It is automatically deleted by your browser after you leave our website.

Personal data:

Session cookies do not store any reference that serves to identify the website visitor.

The server generates a "session ID" that is transmitted to the client. This ID is a randomly generated number that the session cookie stores temporarily. It is only used to assign the website visitor to a specific session.

Purpose of processing:

  • Operation of the website
  • Evaluation of malfunctions

Legal basis:

Art. 6 para. 1 lit. f GDPR (legitimate interest in the correct presentation of our website)

Data recipients:

None

Data retention:

Cookies are deleted after the end of the browser session.

Right to object:

Technical cookies are stored on your computer and transmitted from it to our site. Therefore, you have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. If cookies are deactivated for our website, it may no longer be possible to fully use all functions of the website.

 

4. Softgarden

On our careers page, we have integrated the services of Softgarden e-recruiting GmbH ("Softgarden") to present you job offers. The integration of Softgarden is done by embedding a so-called "iframe".

 

4.1 Visiting the careers page

When loading this iframe, Softgarden collects information. It is ensured that Softgarden only transmits the information to servers within the EU. Your personal data is processed as follows:

Personal data:

  • browser type and version
  • operating system used
  • referrer URL
  • Host name of the accessing computer
  • Date and time of server request
  • IP address

Purpose of processing:

  • Operation of the website
  • Evaluation of malfunctions

Legal basis:

Art. 6 para. 1 lit. f GDPR (legitimate interest in the correct presentation of our website)

Data recipients:

Softgarden

Data retention:

7 days

 

4.2 Online application

By embedding Softgarden, we offer you the opportunity to apply to us online. We process your personal data as follows:

Personal data:

  • Name
  • Contact data
  • Curriculum vitae
  • Application
  • Other documents you send us (certificates, application photos)
  • If applicable, social network profiles (Xing)

Purpose of processing:

Decision on recruitment

Legal basis:

  • Art. 88 GDPR in conjunction with § 26 BDSG
  • Art. 6 para. 1 lit. a GDPR (Consent to longer storage of application documents)

Data recipients:

  • Softgarden
  • Management and internal departments
  • Group companies

Data retention:

  • in case of employment: usually 10 years after the end of your employment with us
  • in the event of rejection: 6 months after rejection (unless you agree to a longer retention period)

 

5. Matomo (former Piwik)

We have integrated Matomo on this website. Matomo is an open-source software tool for web analysis.

Personal data:

  • IP address
  • Referrer URL
  • Website access (frequency and length of stay)

Purpose of processing:

  • Analysis of the flow of visitors to our website
  • Evaluation of website usage

Legal basis:

Art. 6 para. 1 lit. f GDPR to protect legitimate interests (analysis and evaluation of website use)

Data recipients:

Matomo is self-hosted, i.e., there is no transmission to third parties.

Data retention:

The cookies set by Matomo are stored as follows:

  • _pk_ses*: 1 day
  • _pk_id*: 13 months

Right to object:

As the data processing serves to protect our legitimate interests, you have the right to object to the processing. You can object to the processing at any time by deselecting the following checkbox:

https://stats.weidemann-gruppe.de/index.php?module=CoreAdminHome&action=optOut&language=de

 

6. Social Media

 

6.1 Facebook

Meta (Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, hereinafter referred to as Meta) as the Facebook operating company is solely responsible for the processing of personal data when visiting our Facebook presence (hereinafter referred to as Fan page). We would like to point out that you use our fan page and its functions on your own responsibility. This applies to the use of the interactive functions (e.g., commenting, liking, sharing). When visiting our Facebook page, your data will be processed as follows:

Personal data:

When you visit our fan page, we do not process any personal data. We do not operate the servers on which the contents of the fan page and the associated communication are stored and processed.

If you communicate with us via the fan page, we process your message and can view your username and current profile picture.

When you access our fan page, your IP address is transmitted to Meta. According to information from Meta, this IP address is anonymized. Meta also stores information about the end devices of the users (e.g., as part of the "registration notification" function). The data may also be transmitted by Meta to countries outside the European Union. It is conceivable that some of the personal data collected may also be processed outside the European Union by Meta Platforms, Inc. based in the USA. We ourselves do not pass on any personal data.

We are not aware of how Meta uses the personal data generated from visits to fan pages for further purposes of its own and to what extent certain data may be assigned to specific users by Meta.

Purposes and legal basis of the processing:

We operate the fan page to present content to you so that you can communicate with us or to link you to other interesting online content. The legal basis for the processing is Art. 6 para. 1 lit. f GDPR.

Data retention:

We delete the messages transmitted in connection with our fan page as soon as the purpose of storage has been fulfilled, you request us to delete them or the purpose for storage no longer applies. Messages that are subject to retention periods under commercial or tax law are stored for 6 years.

Processing of page insights:

Meta provides us with anonymized page summaries for our fan page (so-called page insights). Page insights are an overview of all key figures within a certain period. This allows us to learn more about our target group, for example, and to find out which content is best received.

With Insights, we can only carry out anonymous evaluations based on aggregated data on the use of our fan page. Beyond that, we do not collect any further data from the visit to our fan page. This processing of personal data is carried out by Meta and us as joint controllers.

If you are currently logged in to Facebook, there is a cookie with your Facebook identifier on your end device. This enables Facebook to track that you have visited our Facebook page and how you have used it.

If you wish to avoid this, you should log out of Facebook or deactivate the "stay logged in" function, delete the cookies present on your device, and exit and restart your browser. In this way, Facebook information through which you can be directly identified will be deleted. This will allow you to use our Facebook page without revealing your Facebook identifier. When you access interactive features of the page (Like, Comment, Share, Message, etc.), a Facebook login screen will appear. After any login, you will again be recognizable to Facebook as a specific user.

Purposes and legal basis of the processing:

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in evaluating visits to our fan page and improving our fan page based on these findings.

We have reached an agreement with Meta on processing as joint controllers, which specifies the distribution of data protection obligations between us and Meta. It follows from the joint responsibility agreements with Meta that requests for information and the assertion of further data subject rights, in particular objections, are sensibly asserted directly with Meta. This is because as the provider of the social network, Meta alone has direct access to the necessary information and can also take any necessary measures and provide information directly. Should our support nevertheless be required, we can be contacted at any time.

We have entered into a joint controller processing agreement with Facebook, which sets out the distribution of data protection obligations between us and Facebook. Details about the processing of personal data to create Page Insights and the main contents of the agreement concluded between us and Facebook can be found here: https://facebook.com/legal/terms/information_about_page_insights_data

You can find more information about Facebook's processing of your personal data here: https://www.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0

 

6.2 Xing

Responsible for our Xing profile is News Work SE, Dammtorstraße 30, 20354 Hamburg. By visiting our Xing profile, your personal data will be processed by us, and Xing as follows:

Personal data:

We do not process any personal data when you visit our Xing profile. We do not operate the servers on which the contents of the profile and the associated communication are stored and processed.

Should you communicate with us via Xing, we will receive your message including your name and profile picture.

The categories of personal data that Xing processes can be found here: https://privacy.xing.com/de/datenschutzerklaerung.

Purpose of processing:

Presentation of the content published on the profile

Communication between us and the users, e.g., by clicking on "thumbs up", commenting or sharing the content

Linking to other online content that may be of interest to users of the site

Legal basis:

Art. 6 para. 1 lit. f GDPR

Data recipients:

Internal departments, otherwise, no transmission of personal data to third parties

You can find the recipients to whom Xing transmits the data here: https://privacy.xing.com/de/datenschutzerklaerung

Data retention:

We delete the messages transmitted in connection with our Xing profile as soon as the purpose of storage has been fulfilled, users request us to delete them or the purpose for storage no longer applies. Messages that are subject to retention periods under commercial or tax law are stored for 6 years.

You can find the storage period of the data processed by Xing here: https://privacy.xing.com/de/datenschutzerklaerung.

 

6.3 LinkedIn

LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is solely responsible for the processing of personal data when you visit our LinkedIn page. When you visit our LinkedIn page, your personal data is processed by LinkedIn as follows:

Personal data:

We do not process any personal data when you visit our LinkedIn page. We do not operate the servers on which the contents of the profile and the associated communication are stored and processed.

If you communicate with us via LinkedIn, we receive your message including your profile.

Processing of page insights:

When you visit, follow or engage with our LinkedIn page, LinkedIn provides us with anonymized statistics and insights for our page that help us gain insight into the types of actions people take on our page (called "Page Insights"). We do not receive any personal data through the Page Insights, nor can we attribute any information received to individual accounts. This processing of personal data is done by LinkedIn and us as joint controllers.

Purpose of processing:

The processing serves our legitimate interest to evaluate the visit to our site and to improve our site based on these findings.

Legal basis:

Art. 6 para. 1 lit. f GDPR

We have entered into a joint controller agreement with LinkedIn which sets out the allocation of data protection obligations between us and LinkedIn. Details about the processing of personal data for the creation of Page Insights and the main contents of the agreement concluded between us and LinkedIn can be found here: https://legal.linkedin.com/pages-joint-controller-addendum

Further information on the processing of your personal data by LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy

 

7. Clients

The execution of our contractual relationship requires the processing of data of our customers and their employees. Due to your obligations to cooperate, it is unavoidable to provide the personal data requested by us, otherwise we will not be able to fulfil our contractual obligations. We process the data as follows:

Personal data:

  • Name
  • Address
  • Phone number
  • E-mail address
  • Customer number
  • Company, if applicable
  • Date of birth, if applicable

Purpose of processing:

  • Agreements on commissioned services or deliveries
  • Fulfilment of contractual obligations

Legal basis:

  • Art. 6 para. 1 lit. b GDPR
  • Art. 9 para. 2 lit. a GDPR

Data source:

  • Notification by the contact person
  • Notification by another entity of the customer

Data recipients:

  • Internal departments
  • Service providers who support us in execution of contracts

Data retention:

  • After order fulfilment the data are archived
  • The data in the archive are deleted after 10 years

 

8. Business partners, service providers and suppliers

Most of our business partners, service providers and suppliers nominate one of their employees as our contact person. There is no obligation to transmit this data. The processing is also not necessary for the service or delivery. However, the effort for agreements is disproportionately high without a defined contact person and there is a risk of misunderstandings. Therefore, there is a legitimate interest in this processing. The contact details of the contact persons are processed by us as follows:

Personal data:

  • Name
  • Company, address
  • function, job
  • Telephone number, fax number
  • E-Mail address
  • Order
  • Information about the services or supplies provided

Purpose of processing:

Agreements on commissioned deliveries and services

Legal basis:

Art. 6 para. 1 lit. f GDPR

Data source:

  • Notification by the contact person himself
  • Notification by another office of the business partner, service provider and suppliers

Data recipients:

Internal departments

Data retention:

  • After order fulfilment the data are archived
  • The data in the archive are deleted after 10 years

 

9. Children

Persons under the age of 16 should not submit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect it and do not pass it on to third parties.

 

10. Your rights

You have the following rights regarding this processing of your personal data:

The right of access (Art. 15 GDPR)

The Right to rectification (Art. 16 GDPR)

The right to erasure (Art. 17 GDPR)

The right to restriction of processing (Art. 18 GDPR)

The right to data portability (Art. 20 GDPR)

The right to object (Art. 21 GDPR)

Complaint to a supervisory authority (Art. 77 GDPR)

Withdrawal of consent (Art. 7 para. 3 GDPR)