Data Protection Information
1. General Information
WIHA GMBH (hereinafter referred to as WIHA) takes the protection of your personal data very seriously and processes your data only in accordance with requirements of the statutory data protection regulations. These provisions include in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz or BDSG).WIHA is responsible for the processing of your data. Our contact details are:
Email address: info@wiha-schokoladen.com
Address: Paulinenweg 12, 33790 Halle/ Westfalen, Germany
If you have any questions regarding this privacy policy, in particular any questions regarding the exercise of your rights, please contact us at info@wiha-schokoladen.com.
2. Scope and Purposes of the Data Processing
2.1 Data Processing for Consumer Matters
You can contact the addresses provided by us with any queries you may have. Regardless of how you contact us (e.g. via contact form on our website, by e-mail, by telephone or by post), we will treat your data as stated in this data protection policy.If you contact us as a consumer, e.g. with enquiries about products, complaints or general concerns, we process the personal data provided by you (such as name, address or e-mail address as well as your message) in order to process your enquiry. Depending on the content of the request, we will forward it internally to the responsible department and, if necessary, to other responsible Group companies. We may use the contact information you provide to contact you in the context of your request. In general, the legal basis for processing your data is our legitimate interest in answering your enquiry (Art. 6(1)(f) GDPR).
2.2 Data Processing for B2B Purposes (e.g. with regard to Service Providers, Sales Partners, other Business Partners and their Contact Persons)
The above section 2.1 shall apply likewise if you contact us with business concerns. Also in this case, if this is necessary to answer your enquiry, we will forward it to the responsible group company.In the context of business relations, we process personal data as required for the proper execution of transactions. This may include, for example, business-related personal data (name, address, contact data, company, position/responsibility) or bank details (e.g. IBAN, account holder). We generally collect this data directly from you or from publicly accessible sources (e.g. company website, commercial register).
In the context of business relationships or their initiation, we process the data concerning you (as an existing or potential business partner or responsible contact person) as necessary for the following legitimate interests (Art. 6(1)(f) GDPR): business development including pre-contractual negotiations and the performance of contracts; consultation of credit agencies (see section 2.3); postal advertising or market and opinion research, insofar as you have not objected to the use of your data; assertion of legal claims and defence in legal disputes; technical-organisational security measures and measures to safeguard the right of domicile (e.g. video surveillance on the company premises); measures for the further development of services and products. If you have given us your consent to process your data for certain purposes (e.g. to receive a newsletter), we process the data on this basis; for information on withdrawing consent see Section 3. Finally, we are subject to various legal obligations, e.g. from trade, commercial and tax law; we process your personal data to the extent necessary to fulfil these obligations (Art. 6(1)(c) GDPR).
2.3 Data Processing within the Framework of the Website
When you visit our website, connection data is temporarily processed (in particular IP address, last visited URL, time and date, pages accessed). We process this data as far as necessary for offering the website (which is in our legitimate interest). Generally, the usage of our website is possible without providing data other than the data listed before.2.4 Transmission to Third Parties
We transfer your data within the company to the responsible departments. We may further transfer data to contact persons of group companies (e.g. if this is necessary to answer an inquiry) if there is a legitimate interest in doing so (Art. 6(1)(f) GDPR).Furthermore, we may transfer data to government agencies if we are legally entitled and obliged to do so (e.g. to fulfil tax reporting obligations).
A transfer to countries outside the European Economic Area will only take place if it is necessary to achieve the respective purpose and if the requirements of Chapter V of the GDPR are fulfilled (e.g. if the EU Commission has passed a resolution on the adequacy of the data protection in the third country concerned according to Art. 45 GDPR, if we have agreed standard data protection clauses according to Art. 46 GDPR with the recipient or if such measures are not required in exceptional cases according to Art. 49 GDPR).
2.5 Deletion
We will delete your personal data as soon as they are no longer required for the purposes for which they were processed and insofar as there are no legal obligations to retain them. In the case of business-related data, there generally is a legitimate interest in storing the data for the duration of the business relationship and beyond for the period in which claims can be asserted in accordance with the statutory limitation provisions, e.g. for 3 years in accordance with Section 195 BGB. Relevant retention periods under German tax and commercial law are six years for all business letters (including electronic ones) and 10 years for all information relevant to tax and accounting.2.6 Data Security
WIHA has taken necessary technical and organisational measures to protect the personal data you have provided against loss, destruction, manipulation and unauthorised access. Our employees and all persons involved in data processing are obliged to comply with data protection laws and to treat personal data confidentially. Our employees are trained accordingly. Both internal audits and external audits ensure compliance with all processes relating to data protection at WIHA.2.7 Job Candidates
All job applications will be processed by the head human resources department of the AUGUST STORCK KG (parent company). As a processor the AUGUST STORCK KG will process all data solely in accordance with contractual terms and instructions to organize and support the application procedure. Information on the processing of personal data with regard to job applications at the Storck Group, including the processing of personal data on our career page (“Karriereportal”), can be found on:https://www.storck.com/de/datenschutz-jobs
3. Your Rights Regarding Personal Data
Data protection law grants you a number of rights with regard to data relating to you (so-called data subject rights). These rights include the right to demand information about the personal data we have stored about you, the right to correct, delete or restrict the processing of this data, to object to the processing and the right to data transfer. Whether and to what extent these rights exist in individual cases and which conditions apply is determined by the law (i.e. in particular by the GDPR and the BDSG).If you have given your consent to the processing of your personal data, you can withdraw it at any time with effect for the future. You also have the right to lodge a complaint with the competent data protection supervisory authority. However, if you have any questions or complaints about data protection at WIHA, we recommend that you first contact our data protection officer (see section 1).