Privacy policy

Websites of the Wieland Group

Revised: August 04, 2023

Wieland-Werke AG and its subsidiaries offer you information, contact options and customer portals as part of their websites. In this context, personal data is also processed and, if necessary, stored or read on your client device, which we would like to inform you about in detail below.

1. Contact Details

1.1 Contact details of the data controller

Responsible for data processing when visiting our websites and using the services offered there is the

Wieland-Werke AG 
Graf-Arco-Straße 36 
89079 Ulm 
Germany

Phone: +49 (0)731 944 0
info@wieland.com

 

We operate our websites under joint responsibility with the individual companies of the Wieland Group.

The locations and contact details of the respective companies of the Wieland Group can be found here.

1.2 Contact details of the data protection officer

If you have any questions about data processing or data protection in the Wieland Group, please feel free to contact our Group Data Protection Officer (‘DPO’) at any time.

You can reach the DPO by mail to the above address (please note 'Attn. Data Protection Officer' on the envelope), by e-mail at datenschutz@wieland.com or confidentially via our data protection portal.

2. Purpose of the processing of your (personal) data when visiting and using our websites

In connection with our websites and the offers provided on our websites, we use cookies and possibly other technologies such as browser fingerprinting. Cookies are small text files containing information that are stored on your end device when you visit one of our websites using your browser. When the website is called up again with the same end device and browser, the information stored in cookies can be read and processed. In doing so, we use processing and storage functions of the browser of your end device and collect information from the memory of the browser of your end device. By means of browser fingerprinting and other technologies, we can also identify your client device without the use of cookies, for example, by creating a unique hash value based on the information transmitted or on the output of JavaScript codes executed locally on your client device.

Recipient of the data: Hosting provider

2.1 Safety and technology

a) Technical log data

When you call up our website, your browser automatically transmits a series of technical data. These include the requested page, time of the call, your IP address, details of the browser used, operating system and resolution if applicable, details of the previously visited page if applicable, the amount of data transferred and a technical status code. 
We use this data for the following purposes:

• Delivery of the website to your browser,
• Evaluation for system safety and stability,
• Misuse detection and attack defense as well as for the
• Troubleshooting.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. Our legitimate interest is to offer you a functional and secure web presence and to protect our systems from unauthorized access and attacks. Insofar as we retrieve data - possibly also without personal reference - from your client device or store it there, this is done on the basis of § 25 (2) TTDSG (German Telecommunications-Telemedia Data Protection Act).

We process the aforementioned log data, for example as part of our web server logs for a period of 30 days; in the event of abuse for the duration of the analysis and possible prosecution of the abuse.

Recipient of the data: Hosting provider

b) Session cookies

We use so-called session cookies on some of our websites, which are automatically deleted when you close your browser. Based on the session cookie, we recognize you during a session and can thus, for example, provide you with your selected language preference or keep track of your login status across different pages.

The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) p. 1 lit. f GDPR. Our legitimate interest follows from the data processing purposes listed above. Insofar as we retrieve data - possibly also without personal reference - from your client device or store it there, this is done on the basis of § 25 (2) TTDSG.

Session cookies are deleted when the browser is closed.

c) Google Tag Manager

Our websites use the 'Google Tag Manager' service from Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) to manage cookies and control their playout, especially in cooperation with our consent management.

The technical data already mentioned in section 2.1 a (in particular the IP address of the requesting device, the browser and operating system used, the time of the call, the previously visited page and the amount of data transferred and a technical status code) are processed by Google. The data is automatically provided by the browser you are using.

The Google Tag Manager itself does not set any cookies and does not process any data stored in the cookies.

In exceptional cases, data processed by Google may also be transferred to Google in the USA (Google LLC, Mountain View, California, USA). Google is certified under both the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework.

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a GDPR. Insofar as Google retrieves data from your client device in the context of map use or stores it there, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG. The deletion of the processed data is carried out by Google after the end of the purpose.

d) Consent Management ("Cookie Banner")

We use the Usercentrics Consent Manager to display our cookie banner. The purpose of this is to manage your consents, possible revocations of consents and objections to the use of cookies, as well as any necessary verification.

Without this data, which is automatically provided by your browser, the use of our websites is not possible.

In addition to technical log data (see above, 2.1. lit. a), the time of your selection decision and the time of the last visit are also documented.

This data is provided automatically by your browser (technical log data) or by your active decision.

Recipient of the data: Usercentrics GmbH, Rosental 4, 80331 Munich, Germany

The legal basis of the processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR in a safe and reliable implementation of your decision with regard to the setting and reading of cookies and their documentation, control of the logic for setting cookies. The data cookie is deleted six months after your last visit. Server log data is anonymized before storage. The revocation of a previously given consent will be stored for three years, as well as your given consent, Insofar as we retrieve data - possibly also without personal reference - from your client device or store it there, this is done on the basis of § 25 (2) TTDSG.

2.2 Content from third party sites

a) Google Maps

Our websites use the service 'Google Maps' from Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland), e.g. to visualize our locations on a map and to enable you to plan a route.
We have integrated Google Maps in a way that ensures that only with your consent (i.e. by actively clicking on the map icon) the map is built and thus data is transmitted to Google. This is then the technical protocol data already mentioned in section 2.1 lit. a or also, upon release, your current location (for more information, see https://policies.google.com/technologies/location-data?hl=de) or a departure point entered by you for route planning. Google's data protection provisions apply to this service (https://www.google.com/intl/de_de/policies/privacy/), supplemented by the separate terms of use for Google Maps (https://www.google.com/intl/de_de/help/terms_maps.html).
Recipient of the data: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

In exceptional cases, data processed by Google may also be transferred to Google in the USA (Google LLC, Mountain View, California, USA). Google is certified under both the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework.

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a GDPR. Insofar as Google retrieves data from your client device in the context of map use or stores it there, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG.

For more information on how long Google stores data, please visit https://policies.google.com/privacy?hl=de#inforetaining.

b) Youtube videos

Our websites include video material that is stored on the video platform 'Youtube'. Youtube is a service of Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).

We have integrated Youtube in a way that ensures that the video is only loaded with your consent (i.e. by actively clicking on the video icon) and thus data is transmitted to Google. With your consent, data is transmitted to Google, e.g. the technical protocol data already mentioned in section 2.1 lit. a as well as the ID of the called video. We use Youtube in the extended data protection mode, so that only the data transmission is minimized as far as possible. You can find more information on data protection at Youtube at https://support.google.com/youtube/answer/2801895?hl=de.

Recipient of the data: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

In exceptional cases, data processed by Google may also be transferred to Google in the USA (Google LLC, Mountain View, California, USA). Google is certified under both the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework.

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a GDPR. Insofar as Google retrieves data from your client device or stores it there as part of the video playout, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG.

For more information on the storage period of data at Google in the context of Youtube integration, please visit https://policies.google.com/privacy?hl=de#inforetaining.

c) Social media links and social wall

You can also find us on selected social networks. We have designed the references to them as simple links and do not use the corresponding link plugins of the providers, so that no data is automatically transmitted to them.

We provide an overview of our publications in social media by means of a local proxy, so that no data transmission to social networks takes place at this point either, as long as you do not actively click on corresponding content.

2.3 Premium Pages, Newsletters and Whitepapers, Contact Forms

a) myWieland

We offer our customers a closed area in which they can, for example, track their orders and access further information about their business relationship with us.

Recipients of the data: Companies of the Wieland Group (The Wieland Group is represented internationally, so that we may process your personal data worldwide. To protect your data, we have concluded contractual agreements within the Wieland Group so that an appropriate level of data protection is also guaranteed outside the EU / EEA / Switzerland).

The legal basis for this data processing is the contractual relationship between you and us within the meaning of Art. 6 (1) 1 lit. b GDPR. Insofar as we retrieve or store data on your client device, this is done on the basis of your express wish to use myWieland within the meaning of § 25 (2) TTDSG.

b) Newsletters and whitepapers

We offer a range of newsletters and whitepapers on various topics relating to our products and services, which you can subscribe to by e-mail if you are interested. For this purpose, we need your e-mail address for sending the e-mail. Further information is voluntary. In addition, we record the website from which you registered, the IP address of your computer, the time of registration and, if applicable, the time of a double opt-in.

Please note that we can only send you the requested newsletter / whitepapers after you have confirmed your e-mail address. For this purpose, we will send you a separate e-mail after registration, in which you please click the confirmation link ('Double Opt-In').

Recipients of the data: Companies of the Wieland Group (The Wieland Group is represented internationally, so that we may process your personal data worldwide. To protect your data, we have concluded contractual agreements within the Wieland Group so that an appropriate level of data protection is also guaranteed outside the EU / EEA / Switzerland).

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a GDPR. Insofar as we retrieve data from your client device or store it there within the scope of the newsletter or when requesting white papers, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG.

You can revoke your consent to receive newsletters / whitepapers at any time with effect for the future. The easiest way to do this is to use the 'unsubscribe' link at the end of the respective email or send an email to newsletter@wieland.com.

We will delete your data in this regard (e-mail address and any voluntary information) no later than 30 days after you unsubscribe, or after 10 days if the link in the confirmation e-mail was not clicked.

c) Contact forms

For questions of any kind, we offer you the possibility to contact us via a form provided on the website. It is necessary to provide a valid e-mail address so that we can answer your inquiry. Further information can be provided voluntarily. In addition, we record the IP address of your computer and the time of sending the contact request.

Recipients of the data: Companies of the Wieland Group (The Wieland Group is represented internationally, so that we may process your personal data worldwide. To protect your data, we have concluded contractual agreements within the Wieland Group so that an appropriate level of data protection is also guaranteed outside the EU / EEA / Switzerland).

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) p. 1 lit. a GDPR. You can revoke your consent to the use of your data in the context of contacting us at any time with effect for the future. To do so, please contact us by e-mail at newsletter@wieland.com.

The personal data collected by us for the use of the contact forms will be deleted after the final processing of your request, unless this conflicts with a legal obligation to retain data, e.g. under commercial law. In this case, the deletion takes place after the end of the respective period.

Insofar as data is retrieved from your client device within the framework of the contact form or stored there, this is done on the basis of the consent you have given within the meaning of Section 25 (1) TTDSG.

2.4 Web analytics and usage analysis

a) Web analysis by means of Google Analytics

For the purpose of web analysis, page optimization and to learn more about your interests when using our websites, we use the web analysis tool 'Google Analytics' from Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) on some of our websites.

This is done in pseudonymized and, as far as possible, anonymized form; of course, also using the IP anonymization function (i.e., the IP address transmitted by your browser is anonymized by shortening, i.e., deleting the last octet of the IPv4 address or the last 80 bits of the IPv6 address before storage).
The data processing is essentially carried out by Google, but we have deactivated the functions for further data processing by Google for its own purposes as well as the Google marketing functions. Nevertheless, it cannot be ruled out that Google may combine the collected data, for example, if you are logged into your browser with a Google account.

In addition to the technical data already mentioned in section 2.1 lit. a, further categories of data are processed:

• Google Analytics end-device data (this is data generated by Google Analytics and assigned to your end-device: this includes a unique ID for (re-)recognizing returning visitors (so-called 'client ID') and certain technical parameters for controlling data collection for web analytics).
• Google Analytics measurement data (device-related raw data (so-called 'dimensions' and 'measurements') that are collected and analyzed by Google Analytics when our websites are used. This includes information about the sources through which visitors reach our websites, information about the location, the browser and the end device used, information about the use of the website (in particular page views, call frequency and dwell time on the respective page called up) as well as information about the fulfillment of certain objectives. The data is in each case assigned to the client ID assigned to your end device. This results in device-related usage profiles in which all device-related raw data are combined into one client ID. The data we collect using Google Analytics does not allow us to identify you directly on a personal level (i.e., by name). We also do not combine the raw device-related data and the resulting device-related usage profiles with data that directly identifies you personally without your consent).
• Google Analytics report data (data included in aggregated segment- and device-related reports generated by Google Analytics based on analysis of raw device-related data).

Recipient of the data: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland

In exceptional cases, data processed by Google may also be transferred to Google in the USA (Google LLC, Mountain View, California, USA). Google is certified under both the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework.

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a GDPR. Insofar as Google retrieves data from your client device within the scope of web analysis or stores it there, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG.

The personal data we collect as part of the web analysis is stored for 14 months and then deleted.

Of course, our website is fully usable even if you do not give consent to web analytics.

b) Web analysis by means of Matomo

For the purpose of web analysis, page optimization and to learn more about your interests when using our websites, we use the web analysis tool Matomo on some of our websites, for example on our premium pages ('myWieland'). Access data is collected pseudonymously and as far as possible anonymously, so that no direct link to a user can be established. In particular, we anonymize your IP address by shortening it, i.e. deleting the last octet of the IPv4 address or the last 80 bits of the IPv6 address before storing it.

With Matomo, we process the following categories of data:

• End device data (this is data generated by Matomo and assigned to your end device: this includes a unique ID for (re-)recognizing returning visitors (so-called 'client ID') as well as certain technical parameters for controlling data collection for web analytics).
• Measurement data (device-related raw data (so-called 'dimensions' and 'measurement values') that are collected and analyzed by Matomo when using our websites. This includes information about the sources through which visitors arrive at our websites, information about the location, the browser and client device used, information about the use of the website (in particular page impressions, frequency of calls and length of stay on the respective page called up) as well as information about the fulfillment of certain objectives. The data is in each case assigned to the client ID assigned to your end device. This results in device-related usage profiles in which all device-related raw data are combined into one client ID. The data we collect using Matomo does not allow us to identify you directly on a personal level (i.e., by name). We also do not combine the raw device-related data and the resulting device-related usage profiles with data that directly identifies you personally without your consent).
• Report data (data included in aggregated segment- and device-related reports generated by Google Analytics based on analysis of raw device-related data)

The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a GDPR. Insofar as we retrieve data from your client device within the scope of web analysis or store it there, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG.

The personal data we collect as part of the web analysis is stored for 14 months and then deleted.

Recipients of the data: Companies of the Wieland Group (The Wieland Group is represented internationally, so that we may process your personal data worldwide. To protect your data, we have concluded contractual agreements within the Wieland Group so that an appropriate level of data protection is also guaranteed outside the EU / EEA / Switzerland).

Of course, our website is fully usable even if you do not give consent to web analytics.

c) Web analytics and marketing using LinkedIn

For the purpose of web analysis, page optimization, marketing of our offer and to learn more about your interests when using our websites, we use the web analysis and marketing tool 'LinkedIn Insight Tag' from LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) on some of our websites. Through the integration of the 'LinkedIn Insight Tag' on this website - assuming your consent - a connection to the LinkedIn server takes place when you call up our pages, in addition LinkedIn sets cookies on your end device or retrieves information from them. If you are logged in to LinkedIn at the same time, LinkedIn can link this information to your account.
Through the use of the 'LinkedIn Insight Tag', we receive aggregate reports about the demographics of our target audience and the performance of our ads. In particular, we receive information on criteria such as.

• Industry
• Job title,
• company size,
• career level and
• location

We receive the data in the reports anonymized so that we cannot draw any direct conclusions about individual persons.
In the privacy policy of LinkedIn at https://www.linkedin.com/legal/privacy-policy you will find more information about data collection and data use by LinkedIn. Furthermore, you will be informed about your rights vis-à-vis LinkedIn. If you are logged in to LinkedIn, you can deactivate the data collection at any time using the following link: https://www.linkedin.com/psettings/enhanced-advertising.

Recipient of the data: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.
In exceptional cases, the data processed by LinkedIn may also be transferred to the USA. There, the level of protection of the GDPR - despite our risk minimization measures - is not guaranteed. If necessary, government authorities (even without your / our knowledge) may have access to the data in accordance with the regulations applicable there. You also expressly agree to this possible transfer, taking into account the associated risks, if you consent to our use of the LinkedIn services.
The legal basis for this data processing is your consent within the meaning of Art. 6 (1) p. 1 lit. a, 49 (1) p. 1 lit. a DS-GVO. Insofar as LinkedIn retrieves data from your terminal device or stores it there as part of data processing, this is done on the basis of your consent within the meaning of Section 25 (1) TTDSG.
The personal data collected by us in the course of data processing will be stored for a maximum of six months and then deleted.
Of course, our website is also fully usable if you do not give your consent to the use of LinkedIn services.

3. Your rights

You have a number of legal rights vis-à-vis us as the responsible party (or also vis-à-vis the jointly responsible parties of the Wieland Group), which we would like to point out to you below.

The easiest way to exercise your rights is to use our online data protection portal, which you can access via https://privacy.wieland.com/wieland/anfrage_meldung.html 

You can, of course, also contact us (and any company in the Wieland Group jointly responsible with us) by letter. Please note 'Attn. Data Protection Officer' on the envelope to ensure it is received and responded to promptly. You can reach our data protection officer by e-mail at datenschutz@wieland.com

You can, of course, also contact us (and any company in the Wieland Group jointly responsible with us) by letter. Please note 'Attn. Data Protection Officer' on the envelope to ensure it is received and responded to promptly. You can reach our data protection officer by e-mail at datenschutz@wieland.com.

Your rights as a data subject in detail:

• Right to information (Art. 15 GDPR) 
  As a data subject, you have a right to information under the conditions of Art. 15 GDPR.
  This means in particular that you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you also have a right to information about this personal data and to the information listed in Art. 15 (1) GDPR.
• Right to rectification (Art. 16 GDPR) 
  As a data subject, you have a right to rectification under the conditions of Art. 16 GDPR.
  This means in particular that you have the right to demand that we correct any inaccurate personal data relating to you and complete any incomplete personal data without undue delay.
• Right to erasure ('right to be forgotten') (Art. 17 GDPR)
  As a data subject, you have a right to erasure under the conditions of Art. 17 GDPR. 
  This means that you generally have the right to demand that we delete personal data concerning you without delay, and we are obliged to delete personal data without delay if one of the reasons listed in Art. 17(1) GDPR applies.  
  To the extent that we have made the personal data public and we are obliged to erase it, we are also obliged to take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform other data controllers which process the personal data that a data subject has requested that 
  they erase all links to or copies or replications of that personal data (Art. 17(2) GDPR). 
  Exceptionally, the right to erasure does not apply insofar as the processing is necessary for the reasons listed in Art. 17(3) GDPR. This may be the case, for example, insofar as the processing is necessary for compliance with a legal obligation or for the assertion, exercise or defense of legal claims (Art. 17 (3) a, e GDPR).
• Right to restriction of processing (Art. 18 GDPR)
  As a data subject, you have a right to restriction of processing under the conditions of Art. 18 GDPR.
   This may be the case, for example, if you dispute the accuracy of the personal data. In this case, the restriction of processing is carried out for a period that allows us to verify the accuracy of the personal data (Art. 18 (1) a GDPR). 
  Restriction means the marking of stored personal data with the aim of limiting their future processing (Art. 4 No. 3 GDPR).
• Right to data portability (Art. 20 GDPR)
  As a data subject, you have a right to data portability under the conditions of Art. 20 GDPR. 
  This means that, in principle, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out with the aid of automated procedures (Art. 20(1) GDPR). 
  When exercising your right to data portability, you also have the fundamental right to have the personal data transferred directly from us to another controller, insofar as this is technically feasible (Article 20 (2) of the GDPR).
• Right of objection (Art. 21 GDPR)
  As a data subject, you have a right of objection under the conditions of Art. 21 GDPR.
   We will expressly point out your right of objection to you as a data subject at the latest at the time of the first communication with you.
  In detail, the following applies:
• Right to object on grounds relating to the data subject's particular situation 
  As a data subject, you have the right to object 
  at any time on grounds relating to your
   particular situation to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
   In the event of an objection on grounds relating to your particular situation, we will no longer process the personal data concerned, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
• Right to object to direct marketing 
  If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
   In the event of an objection to processing for direct marketing purposes, we will no longer process the personal data concerned for these purposes.
• Right to withdraw consent (Art. 7 (3) GDPR)
  If the processing is based on consent within the meaning of Art. 6(1)(a), Art. 9(2)(a) GDPR and / or Section 25(1) TTDSG or another legal basis, you as the data subject have the right to revoke your consent at any time in accordance with Art. 7(3) GDPR. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. We will inform you of this before you give your consent. You can view your consent to the storage, retrieval and processing of your data within the scope of our websites at any time and revoke it with effect for the future by clicking on the following link:

• Right to complain to the supervisory authority (Art. 77 GDPR)
  As a data subject, you have the right to lodge a complaint with a supervisory authority under the conditions of Art. 77 GDPR.

Our DPO is also available at any time to clarify any questions you may have about data processing with you or to help you further with your data protection concerns.

4. Transfer to third countries

If we also transfer personal data to recipients located outside the European Union or the EEA (so-called third countries), we ensure prior to the transfer that the recipient has an adequate level of data protection through appropriate (contractual) guarantees such as, for example, the standard contractual clauses in the respective current version or otherwise recognized agreements, or that there is informed consent with reference to possible risks with regard to the transfer of personal data.

5. Automated decision making including profiling

We do not use profiling within the meaning of Art. 22 GDPR in the context of the use of our websites.

6. Specific provisions for people from certain regions

California Residents Privacy Rights

Wieland Group companies primarily provide services to business customers; in the uncommon circumstance that an individual consumer who is a California resident interacts with us directly, such as through our website, this section applies.  We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.

For details, please visit this page.