We’re delighted that you’re interested in our company. Data privacy is a matter of great importance to the following provider of this website: WecSec GmbH. Use of the WecSec GmbH website is generally possible without entering any personal data. However, if a data subject would like to avail themselves of certain services from our company via our website, then processing of personal data may become necessary. If processing personal data is necessary, and there is no legal basis for such, then we generally obtain consent from the data subject. Processing of personal data, such as the name, address, email, or telephone number of a data subject, is always carried out in line with the General Data Protection Regulation and also in accordance with the country-specific data protection regulations that apply to WecSec GmbH. We provide this privacy statement to inform the public of the type, scope, and purpose of the personal data that we collect, use, and process. This privacy statement also informs data subjects of their legal rights. As the controller, WecSec GmbH has implemented numerous technical and organizational measures to ensure seamless protection of all personal data processed via this Internet site. However, Internet-based data transmission may feature security gaps, which means that absolute protection cannot be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, for example by phone.
The WecSec GmbH privacy statement is based on the terms used by European Directives or Regulations upon adoption of the General Data Protection Regulation (GDPR). Our privacy statement should be simple to read and understandable for both our clients and business partners as well as for the general public. In order to ensure this, we would first like to explain the terminology used. We use, amongst others, the following terms in this privacy statement: a) Personal data
Personal data refers to all information that relates to an identified or identifiable natural person (hereafter referred to as “data subject”). A natural person is referred to as identifiable if they can be directly or indirectly identified, particularly through assignment to an identifier such as a name, an identification number, location data, online identification data, or to one or more factors specific to the physical, physiological, genetic, mental, financial, cultural, or social identity of this natural person. b) Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by those who are responsible for processing such data. c) Processing
any such set of operations performed on personal data, whether automated or not, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, usage, disclosure via transmission, distribution or otherwise making available, alignment or linking, restriction, deletion, or destruction. d) Restriction of processing
Restriction of processing involves the marking of stored personal data with the aim of limiting its future processing. e) Profiling
Profiling covers any type of automated processing of personal data that enables personal data to be used to evaluate specific personal aspects relating to a natural person, in particular to analyze or forecast aspects regarding the job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or movements of that natural person. f) Pseudonymization
Pseudonymization means the processing of personal data in such a manner that the personal data can no longer be linked to a specific data subject without the use of extra information, as long as this additional information is stored separately and also that technical and organizational measures are in place to ensure that personal data cannot be assigned to an identified or identifiable natural person. G) Controller or person responsible for processing data
The controller or person responsible for processing data is a natural or legal person, authority, institution or other body that either decides alone or with others on the purpose and means used to process personal data.
If the purposes and means of such processing are prescribed by EU law or the laws of Member States, then the controller or the specific criteria for the controller’s appointment can be provided for by EU law or the laws of Member States. h) Processor
The processor is a natural or legal person, authority, institution, or other body who handles personal data on behalf of the controller. i) Recipient
The recipient is a natural or legal person, authority, institution, or other body to whom personal data is disclosed, whether a third party or not. Authorities that may personal data as part of a specific inquiry in accordance with EU law or the laws of Member States are not regarded as recipients. j) Third party
A third party is a natural or legal person, authority, institution, or body other than the data subject, the controller, the processor, and persons authorized to process personal data under the direct authority of the processor or controller. k) Consent
Consent is the informed and unambiguous permission freely provided by the data subject, in the form of a statement or clear affirmative action, by which the data subject signifies their agreement to the processing of any personal data relating to them.
2. Controller within the context of Art. 4 (7) GDPR
The controller in the context of the General Data Protection Regulation, and other applicable data protection laws and regulations relating to privacy legislation applicable within the member states of the European Union, is:
Telephone: +49 8806 9586371
Email: office [at] wecsec.com
4. Collecting general data and information
The WecSec GmbH site collects a series of general data and information when the Internet site is accessed by a data subject or an automated system. This general data and information are stored in the server’s logfile. The following can be collected, namely (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system has reached our site (so-called referrer), (4) the sub-pages, via which an accessing system is forwarded to our Internet site, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that are used for cyber security purposes if attacks take place on our information technology systems. When using this general data and information, WecSec GmbH does not draw any conclusions regarding the data subject. Rather, this information is required to (1) deliver the contents of our website correctly, (2) optimize the contents of our website as well as the advertising for these, (3) ensure the long-term efficiency of our information technology systems and the technology behind our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the case of a cyber attack. WecSec GmbH analyzes this anonymously collected data and information statistically with the aim of further improving data protection and cyber security within our company, to ultimately ensure an ideal level of protection for the personal data we process. The anonymous data saved in the server log files is stored separately from all personal data provided by a data subject.
5. Contact via the website
In accordance with regulations, the WecSec GmbH website contains information that enables fast electronic contact with our company as well as direct communication with us, which also includes a general address for electronic mail (email address). If a data subject establishes contact with the controller by email or using the contact form, the personal data transmitted by the data subject will be stored automatically. Personal data that is voluntarily transmitted to the controller by a data subject will be stored for the purpose of processing purposes or to contact the data subject. None of this personal data is forwarded to third parties. Legal justification for processing of personal data Point f of Article 6 (1) GDPR (justified interest). If you use the contact form, we assume that you are interested in establishing contact with us and wish to exchange information. PURPOSE OF DATA PROCESSING We will use the data collected via our contact form for handling that specific request for information. DURATION OF STORAGE Unless required for further contractual performance or provision of services, or data retention obligations, the collected data is deleted once the request for information has been handled. OPTIONS FOR REVOCATION AND DELETION The options for revocation and deletion are based on the general regulations regarding the right to revocation and deletion in data protection terms, which are described in this privacy statement.
6. Cyber security and data protection, email communications
Your personal data is protected by technical and organizational measures during collection, storage and processing, such that it is not accessible to third parties. However, we cannot guarantee complete cyber security during unencrypted communication with our IT systems by email. We therefore recommend sending highly confidential information either via encrypted means or by post.
7. Legitimate interests in processing pursued by the controller or a third party
If the processing of personal data is necessary in the legitimate interest of business activities when the balance of interests is in favor of the welfare of our staff and our owners, for the purpose of service provision, as long as there are no overarching legitimate interests or fundamental rights and freedoms that oppose this, then this is based on point f of Article 6 (1) GDPR.
8. Use of service providers
When providing its services, WecSec GmbH also uses external partners in the following categories: data storage cloud, e-mail provider. Microsoft: https://privacy.microsoft.com/de-DE/privacystatement WORDPRESS.ORG: https://de.wordpress.org/about/privacy/
9. Data storage
We do not store your personal data for any longer than the duration of your time with us as a customer, and only store it for as long as it is required for the relevant processing purpose. Data is then blocked appropriately until the statutory retention period has elapsed, at which point it is permanently deleted.
10. Rights of the data subject
Right of confirmation Every data subject has the right, granted by European Directives or Regulations, to request confirmation from the controller as to whether or not relevant personal data has been processed. If a data subject wishes to enforce this right of confirmation, then they can contact any member of the controller’s staff at any time. Right of access Every person affected by the processing of personal data has the right, granted by European Directives or Regulations, to receive information from the controller, free of charge, about any personal data that is stored about them as well as to receive a copy of such information. Furthermore, European Directives and Regulations allow for the data subject to be made aware of the following:
Categories of personal data that are processed
Recipients or categories of recipients who receive or will receive such personal data, particularly in the case of recipients in third-party countries or international organizations
If possible, the planned duration for which personal data is to be stored, or if not possible, the criteria used for determining this duration.
Existence of a right of rectification or erasure of personal data relating to them or a right of restriction of processing by the controller, or a right to withdraw consent to such processing
Existence of a right to lodge a complaint with a supervisory authority
If such personal data is not collected from the person in question: All available information regarding the origin of the data
Existence of an automatic decision-making process including profiling in accordance with Article 22, paras. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and the envisaged consequences of such processing for the data subject.
In addition, the data subject also has a right to obtain information regarding whether personal data was sent to a third country or an international organization. If this is the case, then the data subject also has the right to obtain information regarding suitable guarantees that are linked with such transmissions. If a data subject wishes to exercise this right to access information then they can contact any member of the controller’s staff at any time. Right to rectification Every data subject affected by the processing of personal data has the right, granted by European Directives or Regulations, to request instant rectification of relevant personal data which happens to be incorrect. In addition, the data subject also has the right to request, taking processing purposes into account, the completion of incomplete personal data – even by means of a supplementary statement. If a data subject wishes to exercise this right to rectification then they can contact any member of the controller’s staff at any time. Right to deletion (right to be forgotten) Every data subject affected by the processing of personal data has the right, granted by European Directives or Regulations, to request that personal data relating to them is deleted immediately by the controller, provided that one of the following reasons applies and that processing is not absolutely necessary:
Personal data is collected for such purposes or processed for matters for which it is no longer necessary.
The data subject withdraws their consent, which is the basis for processing in accordance with point a of Article 6 (1) GDPR or point a of Article 9 (2) GDPR, and there is no other legal ground for processing.
The data subject can object to processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate reasons for processing, or the data subject objects to processing in accordance with Article 21 (2) GDPR.
Personal data has been illegally processed.
Deletion of personal data is necessary to satisfy a legal requirement in accordance with EU law or the laws of Member States, to which the controller is subject.
Personal data has been collected in relation to the offer of information society services as per Article 8 (1) GDPR.
If one of the above reasons applies and a data subject wishes to request the erasure of personal data held by WecSec GmbH, they can contact a member of the controller’s staff at any time. The cyber security staff at WecSec GmbH will ensure that erasure carried out as promptly as possible. If personal data is made public by WecSec GmbH, and if our company, as the controller, is obliged to erase personal data in accordance with Article 17 (1) GDPR, then WecSec GmbH will take the appropriate steps, including technical measures, when taking the available technology and the costs of implementation into account, to inform other controllers processing the personal data that the data subject has requested erasure by such controllers of any links to, copies of or duplicates of this personal data, provided processing is not required. WecSec GmbH cyber security staff will instigate the necessary measures on a case-by-case basis. Right to withdraw consent in data protection matters Every data subject affected by the processing of personal data has the right, granted by European Directives or Regulations, to revoke their consent to the processing of personal data at any time. If the data subject wishes to assert their right to withdraw their consent then they can contact a member of the controller’s staff at any time. Right to lodge a complaint If data protection laws are infringed then the relevant party has a right to lodge a complaint with the relevant supervisory authorities. You also have the right to get a lawyer and enforce your rights. Right to data portability You have the right to receive the data that we have stored on you in a structured, accessible, machine-readable format, or to have your personal data transferred directly by us to another controller provided that this is technically feasible and that the rights and freedoms of other people are not infringed as a result.