Privacy policy
Websites of the Wieland Group
Revised: October 27, 2022
Wieland-Werke AG and its subsidiaries offer you information, contact options and customer portals as part of their websites. In this context, personal data is also processed and, if necessary, stored or read on your terminal device, which we would like to inform you about in detail below.
1. Contact Details
1.1 Contact details of the data controller
Responsible for data processing when visiting our websites and using the services offered there is the
Wieland-Werke AG
Graf-Arco-Straße 36
89079 Ulm
Germany
Phone: +49 (0)731 944 0
info@wieland.com
We operate our websites under joint control with the individual companies of the Wieland Group
The locations and contact details of the respective companies of the Wieland Group can be found here.
1.2 Contact details of the data protection officer
If you have any questions about data processing or data protection in the Wieland Group, please feel free to contact our Group Data Protection Officer (“DPO”) at any time.
You can reach the DPO by mail to the above address (please note 'Attn. Data Protection Officer' on the envelope), by e-mail at datenschutz@wieland.com or confidentially via our data protection portal.
2. Processing of your (personal) data when you visit and use our websites
In connection with our websites and the offers provided on our websites, we use cookies and possibly other technologies such as browser fingerprinting. Cookies are small text files containing information that are stored on your end device when you visit one of our websites using your browser. When the website is called up again with the same end device and browser, the information stored in cookies can be read and processed. In doing so, we use processing and storage functions of the browser of your end device and collect information from the memory of the browser of your end device. By means of browser fingerprinting and other technologies, we can also identify your terminal device without the use of cookies, for example, by creating a unique hash value based on the information transmitted or on the output of JavaScript codes executed locally on your terminal device.
2.1 Safety and technology
a) Technical log data
When you access our website, your browser automatically transmits a series of technical data to our website. These include the requested page, time of the call, your IP address, details of the browser used, operating system and resolution if applicable, details of the previously visited page if applicable, the amount of data transferred and a technical status code.
We use this data for the following purposes:
- Delivery of the website to your browser,
- Evaluation for system safety and stability,
- Misuse detection and attack defense as well as for the
- Troubleshooting.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. Our legitimate interest is to offer you a functional and secure web presence and to protect our systems from unauthorized access and attacks. Insofar as we retrieve data - possibly also without personal reference - from your terminal device or store it there, this is done on the basis of § 25 (2) TTDSG.
We process the aforementioned log data, for example as part of our web server logs for a period of 30 days; in the event of abuse for the duration of the analysis and possible prosecution of the abuse.
b) Session cookies
We use session cookies on some of our websites, which are automatically deleted when you close your browser. The session cookie allows the website to recognize you during a session and can thus, for example, provide you with your selected language preference or keep track of your login status across different pages.
The legal basis for this data processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. Our legitimate interest follows from the data processing purposes listed above. Insofar as we retrieve data - possibly also without personal reference - from your terminal device or store it there, this is done on the basis of § 25 (2) TTDSG.
Session cookies are deleted when the browser is closed.
c) Google Tag Manager
Our websites use the 'Google Tag Manager' service from Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) to manage cookies and control their playout, especially in cooperation with our consent management.
The technical data mentioned in section 2.1(a) (in particular the IP address of the requesting device, the browser and operating system used, the time of the call, the previously visited page and the amount of data transferred and a technical status code) are processed by Google. The data is automatically provided by the browser you are using.
The Google Tag Manager itself does not set any cookies and does not process any data stored in the cookies.
In exceptional cases, the data processed by Google may also be transferred to a third country, e.g. the US. There, the level of protection of the GDPR is not guaranteed and, if applicable, government authorities (even without your / our knowledge) may have access to the data in accordance with the regulations applicable there. You also expressly agree to this possible transfer, taking into account the associated risks, if you consent to the extended data processing and thus also to the use of the Google Tag Manager by us.
The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a, 49 (1) lit. a GDPR. Insofar as Google retrieves data from your terminal device in the context of map use or stores it there, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG. The deletion of the processed data is carried out by Google after the end of the purpose.
d) Consent Management ("Cookie Banner")
We use the Usercentrics Consent Manager to display our cookie banner. The purpose of this is to manage your consents, possible revocations of consents and objections to the use of cookies, as well as any necessary verification.
Without this data, which is automatically provided by your browser, you will not be able to use our websites.
In addition to technical log data (see above, 2.1. lit. a), the time of your selection decision and the time of the last visit are also documented.
This data is provided automatically by your browser (technical log data) or by your active decision.
Recipient of the data: Usercentrics GmbH, Rosental 4, 80331 Munich, Germany
The legal basis of the processing is our legitimate interest within the meaning of Art. 6 (1) lit. f GDPR in a safe and reliable implementation of your decision with regard to the setting and reading of cookies and their documentation, control of the logic for setting cookies. The data cookie is deleted six months after your last visit. Server log data is anonymized before storage. The revocation of a previously given consent will be stored for three years, as well as your given consent, Insofar as we retrieve data - possibly also without personal reference - from your terminal device or store it there, this is done on the basis of § 25 (2) TTDSG.
2.2 Content from third party sites
a) Google Maps
Our websites use the service 'Google Maps' from Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland), e.g. to visualize our locations on a map and to enable you to plan a route.
We have integrated Google Maps in a way that ensures that only with your consent (i.e. by actively clicking on the map icon) the map is built and thus data is transmitted to Google. This is then the technical protocol data already mentioned in section 2.1 lit. a or also, upon release, your current location (for more information, see https://policies.google.com/technologies/location-data?hl=de) or a departure point entered by you for route planning. Google's data protection provisions apply to this service (https://www.google.com/intl/de_de/policies/privacy/), supplemented by the separate terms of use for Google Maps (https://www.google.com/intl/de_de/help/terms_maps.html).
Recipient of the data: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.
In exceptional cases, the data processed by Google may also be transferred to a third country, e.g. the USA. There, the level of protection of the GDPR is not guaranteed and, if applicable, government authorities (even without your / our knowledge) may have access to the data in accordance with the regulations applicable there. You also expressly agree to this possible transfer, taking into account the associated risks, if you consent to the extended data processing and thus also to the use of Google Maps by us.
The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a, 49 (1) lit. a GDPR. Insofar as Google retrieves data from your terminal device in the context of map use or stores it there, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG.
For more information on how long Google stores data, please visit https://policies.google.com/privacy?hl=de#inforetaining.
b) Youtube videos
Our websites include video material that is stored on the video platform 'Youtube'. Youtube is a service of Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland).
We have integrated Youtube in a way that ensures that the video is only loaded with your consent (i.e. by actively clicking on the video icon) and thus data is transmitted to Google. With your consent, data is transmitted to Google, e.g. the technical protocol data already mentioned in section 2.1 lit. a as well as the ID of the called video. We use Youtube in the extended data protection mode, so that only the data transmission is minimized as far as possible. For more information on data protection at Youtube, please visit https://support.google.com/youtube/answer/2801895?hl=de.
Recipient of the data: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
In exceptional cases, the data processed by Google may also be transferred to a third country, e.g. the USA. There, the level of protection of the GDPR is not guaranteed and, if applicable, government authorities (even without your / our knowledge) may have access to the data in accordance with the regulations applicable there. You also expressly agree to this possible transfer, taking into account the associated risks, if you consent to the extended data processing and thus also to the use of Youtube by us.
The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a, 49 (1) lit. a GDPR. Insofar as Google retrieves data from your terminal device in the context of the video playout or stores it there, this is done on the basis of your consent within the meaning of
§ 25 (1) TTDSG.
For more information on the storage period of data at Google in the context of Youtube integration, please visit https://policies.google.com/privacy?hl=de#inforetaining.
c) Social media links and social wall
You can also find us on selected social networks. We have designed the references to them as simple links and do not use the corresponding link plugins of the providers, so that no data is automatically transmitted to them.
We provide an overview of our publications in social media by means of a local proxy, so that no data transmission to social networks takes place at this point either, as long as you do not actively click on corresponding content.
2.3 Premium Pages, Newsletters and Whitepapers, Contact Forms
a) myWieland
We offer our customers a closed area in which they can, for example, track their orders and access further information about their business relationship with us.
Recipients of the data: Wieland Group Companies
The legal basis for this data processing is the contractual relationship between you and us within the meaning of Art. 6 (1) 1 lit. b GDPR. Insofar as we retrieve or store data on your terminal device, this is done on the basis of your express wish to use myWieland within the meaning of § 25 ( 2) no. 2 TTDSG.
b) Newsletters and whitepapers
We offer a range of newsletters and whitepapers on various topics relating to our products and services, which you can subscribe to by e-mail if you are interested. For this purpose, we need your e-mail address for sending the e-mail. Further information is voluntary. When you register, we also record the website from which you registered, the IP address of your computer, the time of registration and, if applicable, the time of a double opt-in.
Please note that we can only send you the requested newsletter / whitepapers after you have confirmed your e-mail address. For this purpose, we will send you a separate e-mail after registration, in which you please click the confirmation link ('Double Opt-In').
Recipients of the data: Companies of the Wieland Group
The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a GDPR. Insofar as we retrieve data from your terminal device or store it there within the scope of the newsletter or when requesting white papers, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG.
You can revoke your consent to receive newsletters / whitepapers at any time with effect for the future. To do so, simply use the 'unsubscribe' link at the end of the respective email or send an email to newsletter@wieland.com.
We will delete your data in this regard (e-mail address and any voluntary information) no later than 30 days after you unsubscribe, or after 10 days if the link in the confirmation e-mail was not clicked.
c) Contact forms
For questions of any kind, we offer you the possibility to contact us via a form provided on the website. It is necessary to provide a valid e-mail address so that we can answer your inquiry. Further information can be provided voluntarily. In addition, when sending the contact request, we record the IP address of your computer and the time of sending.
Recipients of the data: Companies of the Wieland Group
The legal basis for this data processing is your consent within the meaning of Art. 6 (1) 1 lit. a GDPR. You can revoke your consent to the use of your data in the context of contacting us at any time with effect for the future. To do so, please contact us by e-mail at newsletter@wieland.com.
The personal data collected by us for the use of the contact forms will be deleted after the final processing of your request, unless this conflicts with a legal obligation to retain data, e.g. under commercial law. In this case, the deletion takes place after the end of the respective period.
Insofar as data is retrieved from your terminal device within the framework of the contact form or stored there, this is done on the basis of the consent you have given within the meaning of § 25 (1) TTDSG.
2.4 Web analytics and usage analysis
a) Web analysis by means of Google Analytics
For the purpose of web analysis, page optimization and to learn more about your interests when using our websites, we use the web analysis tool 'Google Analytics' from Google (Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland) on some of our websites.
This is done in pseudonymized and, as far as possible, anonymized form; of course, also using the IP anonymization function (i.e., the IP address transmitted by your browser is anonymized by shortening, i.e., deleting the last octet of the IPv4 address or the last 80 bits of the IPv6 address before storage).
The data processing is essentially carried out by Google, but we have deactivated the functions for further data processing by Google for its own purposes as well as the Google marketing functions. Nevertheless, it cannot be ruled out that Google may combine the collected data, for example, if you are logged into your browser with a Google account.
In addition to the technical data already mentioned in section 2.1 lit. a, further categories of data are processed:
- Google Analytics end-device data (this is data generated by Google Analytics and assigned to your end-device: this includes a unique ID for (re-)recognizing returning visitors (so-called 'client ID') and certain technical parameters for controlling data collection for web analytics).
- Google Analytics measurement data (device-related raw data (so-called 'dimensions' and 'measurements') that are collected and analyzed by Google Analytics when our websites are used. This includes information about the sources through which visitors arrive at our websites, information about the location, the browser and the end device used, information about the use of the website (in particular page views, call frequency and dwell time on the respective page called up) as well as information about the fulfillment of certain objectives. The data is in each case assigned to the client ID assigned to your end device. This results in device-related usage profiles in which all device-related raw data are combined into one client ID. The data we collect using Google Analytics does not enable us to identify you directly on a personal level (i.e., by name). We also do not combine the raw device-related data and the resulting device-related usage profiles with data that directly identifies you personally without your consent).
- Google Analytics report data (data included in aggregated segment- and device-related reports generated by Google Analytics based on the analysis of raw device-related data).
Recipient of the data: Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
In exceptional cases, the data processed by Google may also be transferred to the US. There, the level of protection of the GDPR - despite our risk minimization measures such as IP anonymization - is not guaranteed, and government authorities (even without your / our knowledge) may be able to access the data in accordance with the regulations applicable there. You also expressly agree to this possible transfer, taking into account the associated risks, if you consent to the extended data processing and thus also to the use of Google Analytics by us.
The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a, 49 (1) lit. a GDPR. Insofar as Google retrieves data from your terminal device within the scope of web analysis or stores it there, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG.
The personal data we collect as part of the web analysis is stored for 14 months and then deleted.
Of course, our website is fully usable even if you do not give consent to web analytics.
b) Web analysis by means of Matomo
For the purpose of web analysis, page optimization and to learn more about your interests when using our websites, we use the web analysis tool Matomo on some of our websites, for example on our premium pages ('myWieland'). Access data is collected pseudonymously and as far as possible anonymously, so that no direct link to a user can be established. In particular, we anonymize your IP address by shortening it, i.e. deleting the last octet of the IPv4 address or the last 80 bits of the IPv6 address before storing it.
With Matomo, we process the following categories of data:
- End device data (this is data generated by Matomo and assigned to your end device: this includes a unique ID for (re-)recognizing returning visitors (so-called 'client ID') as well as certain technical parameters for controlling data collection for web analytics).
- Measurement data (device-related raw data (so-called 'dimensions' and '
measurement values') that are collected and analyzed by Matomo when using our websites. This includes information about the sources through which visitors arrive at our websites, information about the location, the browser and terminal device used, information about the use of the website (in particular page impressions, frequency of calls and length of stay on the respective page called up) as well as information about the fulfillment of certain objectives. The data is in each case assigned to the client ID assigned to your end device. This results in device-related usage profiles in which all device-related raw data are combined into one client ID. The data we collect using Matomo does not allow us to identify you directly on a personal level (i.e., by name). We also do not combine the raw device-related data and the resulting device-related usage profiles with data that directly identifies you personally without your consent).
- Report data (data included in aggregated segment- and device-related reports generated by Google Analytics based on analysis of raw device-related data)
The legal basis for this data processing is your consent within the meaning of Art. 6 (1) lit. a GDPR. Insofar as we retrieve data from your terminal device within the scope of web analysis or store it there, this is done on the basis of your consent within the meaning of § 25 (1) TTDSG.
The personal data we collect as part of the web analysis is stored for 14 months and then deleted.
We process web analytics data collected via Matomo locally within the Wieland Group.
Of course, our website is fully usable even if you do not give consent to web analytics.
3. Your rights
You have a number of legal rights vis-à-vis us as the responsible party (or also vis-à-vis the jointly responsible parties of the Wieland Group), which we would like to point out to you below.
The easiest way to exercise your rights is to use our online data protection portal, which you can access via https://privacy.wieland.com/wieland/anfrage_meldung.html?key=khupwYzouWRLtVgY&lang=2.
You can of course also contact us (and any company of the Wieland Group jointly responsible with us) by letter post. Please note 'for the attention of the data protection officer' on the envelope to ensure that it can be allocated and forwarded quickly. You can also reach our data protection officer by email at datenschutz@wieland.com.
Your rights as a person affected by data processing in detail:
- Right to information (Art. 15 GDPR)
As a data subject, you have a right to information under the conditions of Art. 15 GDPR.
This means in particular that you have the right to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you also have a right to information about this personal data and to the information listed in Art. 15 (1) GDPR. - Right to rectification (Art. 16 GDPR)
As a data subject, you have a right to rectification under the conditions of Art. 16 GDPR.
This means in particular that you have the right to demand that we correct any inaccurate personal data relating to you and complete any incomplete personal data without undue delay. - Right to erasure ('right to be forgotten') (Art. 17 GDPR)
As a data subject, you have a right to erasure under the conditions of Art. 17 GDPR.
This means that you generally have the right to demand that we delete personal data concerning you without delay, and we are obliged to delete personal data without delay if one of the reasons listed in Art. 17(1) GDPR applies.
To the extent that we have made the personal data public and we are obliged to erase it, we are also obliged to take reasonable measures, including technical measures, having regard to the available technology and the cost of implementation, to inform other data controllers which process the personal data that a data subject has requested that they erase all links to or copies or replications of that personal data (Art. 17(2) GDPR).
Exceptionally, the right to erasure does not apply insofar as the processing is necessary for the reasons listed in Art. 17(3) GDPR. This may be the case, for example, insofar as the processing is necessary for compliance with a legal obligation or for the assertion, exercise or defense of legal claims (Art. 17 (3) a, e GDPR). - Right to restriction of processing (Art. 18 GDPR)
As a data subject, you have a right to restriction of processing under the conditions of Art. 18 GDPR.
This may be the case, for example, if you dispute the accuracy of the personal data. In this case, the restriction of processing is carried out for a period that allows us to verify the accuracy of the personal data (Art. 18 (1) a GDPR).
Restriction means the marking of stored personal data with the aim of limiting their future processing (Art. 4 No. 3 GDPR). - Right to data portability (Art. 20 GDPR)
As a data subject, you have a right to data portability under the conditions of Art. 20 GDPR.
This means that, in principle, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format, and you have the right to transfer this data to another controller without hindrance from us, provided that the processing is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and the processing is carried out with the aid of automated procedures (Art. 20(1) GDPR).
When exercising your right to data portability, you also have the fundamental right to have the personal data transferred directly from us to another controller, insofar as this is technically feasible (Article 20 (2) of the GDPR). - Right of objection (Art. 21 GDPR)
As a data subject, you have a right of objection under the conditions of Art. 21 GDPR.
We will expressly point out your right of objection to you as a data subject at the latest at the time of the first communication with you.
In detail, the following applies:
1. Right to object on grounds relating to the data subject's particular situation
As a data subject, you have the right to object
at any time on grounds relating to your
particular situation to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
In the event of an objection on grounds relating to your particular situation, we will no longer process the personal data concerned, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
2. Right to object to direct marketing
If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.
In the event of an objection to processing for direct marketing purposes, we will no longer process the personal data concerned for these purposes. - Right to withdraw consent (Art. 7 (3) GDPR)
If the processing is based on consent within the meaning of Art. 6(1)(a), Art. 9(2)(a) GDPR and / or Section 25(1) TTDSG or another legal basis, you as the data subject have the right to revoke your consent at any time in accordance with Art. 7(3) GDPR. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. We will inform you of this before you give your consent.
You can view your consent to the storage, retrieval and processing of your data within the scope of our websites at any time and revoke it with effect for the future by clicking on the following link:
- Right to complain to the supervisory authority (Art. 77 GDPR)
As a data subject, you have the right to lodge a complaint with a supervisory authority under the conditions of Art. 77 GDPR.
Our DPO is also available at any time to clarify any questions you may have about data processing with you or to help you further with your data protection concerns.
4. Transfer to third countries
If we also transfer personal data to recipients located outside the European Union or the EEA (so-called third countries), we ensure prior to the transfer that an adequate level of data protection exists at the recipient's site by means of appropriate (contractual) guarantees or recognized agreements, or that informed consent has been obtained with reference to possible risks regarding the transfer of personal data.
5. Automated decision making including profiling
We do not use profiling within the meaning of Art. 22 GDPR in the context of the use of our websites.
6. Specific provisions for people from certain regions
California Residents Privacy Rights
Wieland Group companies primarily provide services to business customers; in the uncommon circumstance that an individual consumer who is a California resident interacts with us directly, such as through our website, this section applies. We adopt this notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and any terms defined in the CCPA have the same meaning when used in this notice.
For details, please see our information for individual consumers who are a California resident.