Privacy Statement
I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection acts of the member states as well as other privacy provisions is:
Heinz Walz GmbH
Managing Directors: Steffen Walz, Julia Walz and André Walz
Eichenring 6
91090 Effeltrich
Germany
Phone: +49 9133 7765-0
Fax: +49 9133 5395
E-mail: info@walz.com
Website: www.walz.com
II. Name and address of the data protection officer
The controller’s data protection officer is:
Oliver Fouquet
Fürther Straße 98-100
90429 Nuremberg
Germany
Phone: +49 (0)911/3238653
E-mail: info@metropoldata.de
Website: www.metropoldata.de
III. General information on data processing
1. Scope of personal data processing
As a matter of principle, we only collect and use personal data of our users if it is required to provide a fully functional website and our contents and services. Personal data of our users are regularly only collected and used with the user’s consent. Exceptions apply in cases where it is not possible to obtain prior consent for factual reasons and data processing is permitted by law.
2. Legal basis for personal data processing
If the data subject has given consent to the processing of his or her personal data, Art. 6 Sect. 1 lit. a EU General Data Protection Regulation (GDPR) shall serve as legal basis for the processing of personal data.
If processing is necessary for the performance of a contract to which the data subject is party, Art. 6 Sect. 1 lit. b GDPR shall apply. This shall also apply to processing operations required to implement pre-contractual measures.
If personal data processing is necessary for compliance with legal obligations to which our company is subject, Art. 6 Sect. 1 lit. c GDPR shall serve as legal basis.
In case, the protection of vital interests of the data subject or another natural person requires personal data processing, Art. 6 Sect. 1 lit. d GDPR shall serve as legal basis.
If processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, Art. 6 Abs. 1 lit. f DSGVO shall serve as legal basis for processing.
3. Data erasure and storage period
Personal data of the data subject shall be erased or blocked as soon as the purpose of storage no longer applies. Further storage may take place if it is necessary for compliance with a legal obligation which requires processing under European Union or member state law to which the controller is subject. Blocking or erasure of the data shall also take place if the storage period stipulated by such standards expires unless further data storage is necessary for contract conclusion or performance.
IV. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you access our website, our system automatically gathers data and information from the computer system of the accessing computer.
The following data is gathered:
- Referrer URL
- User agent
- IP address of the user
The IP address is anonymised so that data cannot be attributed to a certain user. Such data are not stored together with other personal data of the user.
2. Legal basis for data processing
The legal basis for temporary data storage is Art. 6 Sect. 1 lit. f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is required in order to enable delivery of the website to the user’s computer. The IP address of the user has to be stored for the duration of the session.
Storage takes place in log files in order to assure the functionality of the website.
That is also the purpose of our legitimate interest in data processing pursuant to Art. 6 Sect. 1 lit. f GDPR.
4. Duration of storage
The data will be deleted as soon as it is no longer required to achieve the purpose of their collection. In the event of data collection in order to provide the website, this is the case when the respective session has been terminated.
Log files are stored for the current month and the past three months.
5. Possibility to object and remove
Data collection in order to provide the website and data storage in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility to object on part of the user.
V. Use of cookies
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a website, a cookie may be stored on the user’s operating system. These cookies contain a characteristic string of characters that allows the browser to be uniquely identified when you return to the website. We use session cookies, which are only used until the browser is closed.
The following cookies are used (except for Google Analytics):
- csrf_https-contao_csrf_token (functional cookie from Contao for website functionality)
- klaro (consent manager settings) to save your consent
- PHPSESSID (functional cookie for Reference DB)
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 (1) lit. f GDPR.
3. Purpose of data processing
The purpose of using technically necessary cookies is to enable the use of websites for users. The user data collected through technically necessary cookies are not used to create user profiles.
Our legitimate interest in the processing of personal data in accordance with Art. 6 (1) lit. f GDPR lies in these purposes.
4. Duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted to our website from there. As a user, you therefore have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.
We use session cookies, which are only used until the browser is closed and then deleted.
VI. Google Maps
1. Description and scope of data processing
The website www.walz.com uses Google Maps API in order to visualise geographic information. Data on the use of Maps functions by website visitors are also collected, processed and used by Google when using Google Maps. You will find more information on data processing by Google in the Privacy Policy of Google.
2. Legal basis for data processing
Art. 6 Sect. 1 lit. f GDPR constitutes the legal basis for data processing. 4
3. Purpose of data processing
Embedding Google Maps in our homepage serves the purpose of better and easier finding of our company.
These purposes also constitute our legitimate interest in data processing pursuant to Art. 6 Sect. 1 lit. f GDPR.
4. Duration of storage
Data erasure does not take place. You will find more information on data processing by Google in the Privacy Policy of Google, where you can also change your settings in the data protection centre so that you can manage and protect your data and activities are no longer collected or can be erased.
5. Possibility to object and remove
You will find more information on data processing by Google in the Privacy Policy of Google, where you can also change your settings in the data protection centre so that you can manage and protect your data.
VII. Google Analytics
1. Description and scope of data processing
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). The use is based on Art. 6 (1) s. 1 lit. f. GDPR. Google Analytics uses “cookies”, which are text files placed on your computer that make it possible to analyse how you use the site. The information on how you use the website generated by the cookie including
- browser type/version,
- operating system used,
- referrer URL (the previously visited page),
- host name of the accessing computer (IP address),
- time of the server request
are usually transferred to a Google server in the USA and stored there. The IP address submitted by your browser as part of Google Analytics will not be merged with other Google data. In addition, we have added the code “anonymizeIP” to Google Analytics on this website. This guarantees that your IP address is masked so that all data are collected anonymously. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on the website activities, and to provide other services related to the use of the website and the internet for the website operator. You can prevent the storage of cookies by selecting the appropriate settings on your browser; please note, however, that if you do this, you may not be able to use all functions of our website to their full extent.
When accessing our website, the user is informed about the use of Google Analytics for analysis purposes and the user’s consent to the processing of personal data used in this context is obtained. Reference is made then to this data protection policy.
2. Legal basis for the processing of data
We obtain your consent before tracking, so that the legal basis is Art. 6(1) lit. a GDPR.
3. Purpose of data processing
The analysis cookies are used to evaluate the use of the website, to compile reports on the website activities, and to provide further services related to the use of the website and the internet to the visitor, as well as to be able to optimise the website according to the visitor behaviour.
4. Duration of storage, possibility of objection and removal
If you wish to object to the use of your data after giving your consent, you can prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
We also use Google Analytics to analyse data from double-click cookies and AdWords for statistical purposes. If you do not want this, you can deactivate it via the ads preferences manager (http://www.google.com/settings/ads/onweb/?hl=de).
5. Deletion of data and storage period
The data are automatically deleted after 14 months.
Once a month, data for which the end of the retention period has been reached are automatically deleted.
When you visit our homepage again, the user ID will be reset so that the deletion time is set to the current time plus the retention period by the expiration date. Therefore, if you visit our homepage again before the deletion period of 14 months has expired, the data storage period will be extended again by 14 months if you do not visit the homepage again.
VIII. YouTube
1. Description and scope of data processing
This website uses at least one plugin from YouTube, which is part of Google Inc., located in San Bruno/California, USA. If you visit one of our website pages featuring a YouTube plugin, a connection to the YouTube servers is established. Here the YouTube server is informed about which of our pages you have visited. Should you be logged in to your YouTube account, you would allow YouTube to associate your browsing behaviour directly with your personal profile.
2. Legal basis for data processing
The legal basis for the processing of the data is Art. 6(1) lit. a GDPR, as we obtain your consent before starting a video.
3. Purpose of data processing
The embedding of YouTube videos serves to give you an impression of our company in moving images, which is only possible to a limited extent with photographs.
4. Duration of storage
For more information on the handling of user data, please go to YouTube’s privacy policy at https://www.google.de/intl/de/policies/privacy.
5. Possibility of objection and removal
You can prevent the association by first logging out of your YouTube account. For more information on the collection and use of your data by YouTube, please read their notes on data protection at www.youtube.com.
For more information on the handling of user data, please refer to YouTube’s privacy policy at https://www.google.de/intl/de/policies/privacy
IX. Google Tag Manager
1. Description and scope of data processing
Google Tag Manager is an organizational tool that allows us to include and manage website tags centrally and through a user interface. Tags are small sections of code that, for example, record (track) your activity on our website. For this purpose, JavaScript code sections are inserted into the source code of our site. The tags often come from Google’s own products such as Google Ads or Google Analytics, but tags from other companies can also be included and managed via the manager. Such tags perform different tasks. They can collect browser data, feed marketing tools with data, embed buttons, set cookies, or even track users across multiple websites.
The Tag Manager itself does not set any cookies and does not store any data. It acts as a mere “manager” of the implemented tags.
In the Tag Manager account settings, we have allowed Google to receive anonymized data from us. However, it is only the use and usage of our tag manager and not your data that are stored via the code sections. We allow Google and others to receive selected data in anonymized form.
2. Legal basis for data processing
The legal basis is Art. 6 (1) lit. f GDPR.
3. Purpose of data processing
The Google Tag Manager (GTM) is used to reload tools that you have consented to use.
X. Facebook Fanpage
1. Description and scope of data processing
We have a page on the Facebook social network operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) to communicate with customers, prospects and users. With respect to data processing, Facebook and we are joint data controllers within the meaning of Article 26 (1) GDPR. Our mutual obligations arising from joint responsibility are set forth in an agreement between Facebook and us, the “Page Insights Controller Addendum”. Please follow the link to read the agreement: https://www.facebook.com/legal/terms/page_controller_addendum.
We statistically evaluate how you use our fan page. For this purpose, we receive extensive statistics on the use of our Facebook pages, the “Facebook Insights”, which, however, do not contain any personal data. For more information on Facebook Insights, please visit: https://www.facebook.com/legal/terms/information_about_page_insights_data. We do not create profiles on individual users.
We use the statistics to adapt our fan page to user needs. For this purpose, we use the interests of the users evaluated by Facebook and resulting from the statistics. To this end, Facebook uses cookies for example as follows
- Setting and reading of a cookie and subsequent processing of personal data, including in the form of linking usage data to statistics (so-called insights) by means of the datr cookie.
- Setting and reading a cookie and subsequent processing of personal data in the form of linking usage data for profiling and advertising purposes by means of the fr cookie, among others.
- Storage and reading of a cookie and subsequent processing of personal data in the form of linking the usage data with the information on statistics (so-called insights) previously provided by the registered users as part of the registration process by means of the c_user cookie.
For more information, please visit https://de-de.facebook.com/policies/cookies/
2. Legal basis for the processing of personal data
The legal basis is our legitimate interest in informing users and communicating with users pursuant to Art. 6 (1) p. 1 lit. f GDPR. When you communicate with us via Facebook, we have a legitimate interest in responding to your inquiry pursuant to Art. 6 (1) p. 1 lit. f GDPR. If your request is aimed at the conclusion of a contract or the implementation of pre-contractual measures, the additional legal basis for the processing is Art. 6 (1) p. 1 lit. b GDPR.
3. Duration of storage, objection and removal
Personal data from the contact request will be deleted when further storage is not necessary. This is the case if circumstances indicate that the issue in question has been conclusively clarified and the conversation with the user has ended. Contract-related data are retained for six years from termination of the mandate, tax-related data for ten years.
Information on the storage period of cookies can be found at https://de- de.facebook.com/policies/cookies
By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have been stored can be deleted at any time. This can also be done automatically.
4. Transfer to third countries
Data processing may also take place outside the EU or the EEA, namely in particular on Facebook servers located in the USA. This could lead to risks for users as it could make it more difficult to enforce users’ rights, for example. The standard contractual clauses for the transfer of personal data to third countries under the GDPR, which were approved by the European Commission in its Decision 2021/914 of June 4, 2021, apply to the transfer of data; (https://de- de.facebook.com/legal/EU_data_transfer_addenDum)
XI. Newsletter
1. Description and scope of data processing
Newsletters are sent on the basis of user registration on the website.
Users can subscribe to our free newsletter on our website. The following data from the input mask are submitted to our company upon newsletter registration:
- Name
- Address
- Company/Authority
- Country
- Phone number
- E mail address
- Fax number
- Message content
Your consent to data processing is obtained within the scope of the registration process by reference to this privacy statement.
Data are not transferred to third parties in the context of data processing for the sending of newsletters. Data are solely used to send the newsletter.
2. Legal basis for data processing
Art. 6 Sect. 1 lit. a GDPR constitutes the legal basis for data processing upon newsletter registration by the user if the user has given consent.
3. Purpose of data processing
The collection of the user’s e-mail address serves the purpose of delivering the newsletter.
The collection of other personal data within the scope of the registration process serves the purpose of preventing misuse of the services or used e-mail address.
4. Duration of storage
The data will be deleted as soon as they are no longer required to achieve the purpose of their collection. Thus, the user’s e-mail address will be stored as long as the subscription to the newsletter is active.
5. Possibility to object and remove
The data subject may terminate the subscription to the newsletter at any time. Every newsletter contains a respective link for this purpose.
Cancellation is possible at any time by sending an informal e-mail to an info@walz.com, to Heinz Walz GmbH, Eichenring 6, DE-91090 Effeltrich or via fax to +49 (0)9133/5395.
XII. Contact form and email contact
1. Description and scope of data processing
Our website contains a contact form that can be used for electronic mail. If users seize this opportunity, the data entered in the input mask are submitted to and stored by our company. Such data include:
- Name
- Address
- Company/Authority
- Country
- Phone number
- E-mail address
- Fax number
- Message content
Your consent to data processing is obtained within the scope of submitting your message by reference to this privacy statement.
You can alternatively contact us via the provided e-mail address. In this case, personal user data submitted in the e-mail are stored.
Data are transferred to our agent in other countries in this context, if this is necessary to handle your request. Data are solely used to process the conversation.
2. Legal basis for data processing
Art. 6 Sect. 1 lit. a GDPR constitutes the legal basis for data processing upon consent of the user.
Art. 49 Sect. 1 lit b) GDPR constitutes the legal basis for data transfer in other countries and third parties.
Art. 6 Sect. 1 lit. f GDPR constitutes the legal basis for the processing of data submitted via e- mail. Art. 6 Sect. 1 lit. b GDPR constitutes an additional legal basis for the processing if the e- mail contact has the aim of concluding a contract.
3. Purpose of data processing
The processing of personal data from the input mask solely serves the purpose of processing the contact. In case of contact via e-mail, this also constitutes the required legitimate interest in data processing.
Other personal data processed during submission serve the purpose of preventing misuse of the contact form and assuring the security of our IT systems.
4. Duration of storage
Data will be deleted as soon as it they no longer required to achieve the purpose of its collection. This is the case for personal data from the input mask of the contact form and data submitted via e-mail when the respective conversation with the user has been terminated. A conversation is terminated if it can be inferred from the circumstances that the respective situation has been conclusively clarified.
Additional personal data collection during submission will be erased after a maximum period of seven days.
5. Possibility to revoke and remove
Users may revoke their consent to personal data processing at any time. If users contact us via e-mail, they may object to the storage of their personal data at any time. In this case, the conversation cannot be continued.
Revocation may be submitted via e-mail to info@walz.com, to Heinz Walz GmbH, Eichenring 6, DE-91090 Effeltrich or via fax to +49 9133 5395 at any time.
Any personal data stored within the context of contacting will be erased in this case.
XIII. Rights of the data subjects
If your personal data are processed, you are a data subject within the meaning of the GDPR and entitled to the following rights vis-a-vis the controller:
1. Right of access
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed by our company.
If data is processed, you may request access to the following information from the controller:
(1) the purposes of personal data processing;
(2) the categories of personal data processed;
(3) the recipients or categories of recipients to whom personal data have been or will be disclosed;
(4) the envisaged period for which your personal data will be stored or, if not possible to provide detailed information, the criteria used to determine that period;
(5) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject by the controller or object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data is not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in article Art. 22 Sect. 1 and 4 GDPR and – at least in those cases – meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You are entitled to request information as to whether your personal data are transferred to a third country or international organisation. In this context, you may request information on appropriate safeguards with regard to the transfer pursuant to Art. 46 GDPR.
2. Right to rectification
You have the right to obtain from the controller the rectification and/or completion of inaccurate personal data concerning you. The controller shall perform rectification without undue delay.
3. Right to restriction of processing
You may request the restriction of processing of your personal data under the following conditions:
(1) if you contest the accuracy of your personal data for a period enabling the controller to verify the accuracy of the personal data;
(2) if processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) if the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims; or
(4) if you have objected to the processing pursuant to Art. 21 Sect. 1 GDPR pending the verification whether the legitimate grounds of the controller override yours.
Where processing has been restricted, such data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of rights of another natural or legal person or for reasons of important public interest of the European Union or of a member state.
If restriction of processing has been obtained according to the aforementioned conditions, you shall be informed by the controller before the restriction of processing is lifted.
4. Right to erasure
a) Obligation to erase
You have the right to obtain from the controller the erasure of your personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
(1) Your personal data are no longer necessary in relation to the purpose for which they were collected or otherwise processed.
(2) You withdraw your consent on which the processing is based according to Art. 6 Sect. 1 lit. a or Art. 9 Sect. 2 lit. a GDPR and where there is no other legal ground for processing.
(3) You object to the processing pursuant to Art. 21 Sect. 1 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 Para. 2 GDPR.
(4) Your personal data have been unlawfully processed.
(5) Your personal data have to be erased for compliance with a legal obligation under European Union or member state law to which the controller is subject.
(6) Your personal data were collected in relation to the offer of information society services pursuant to Art. 8 Sect. 1 GDPR.
b) Information to third parties 15
Where the controller has made your personal data public and is obliged to erase the personal data pursuant to Art. 17 Sect. 1 GDPR, the controller – taking account of available technology and the cost of implementation – shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data.
c) Exceptions
The right to erasure shall not apply to the extent that processing is necessary:
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing under Union or member state law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 Sect. 2 lit. h and i as well as Art. 9 Sect. 3 GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 Sect. 1 GDPR in so far as the right referred to in paragraph a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
(5) for the establishment, exercise or defence of legal claims.
5. Right to information
If you exercised your right to rectification, erasure or restriction of processing towards the controller, he or she shall be obliged to inform all recipients to whom your personal data have been disclosed about such rectification, erasure or restriction of processing unless this proves impossible or causes disproportionate effort.
You are entitled to receive information on such recipients from the controller.
6. Right to data portability
You shall have the right to receive your personal data, which you provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:
(1) the processing is based on consent pursuant to Art. 6 Sect. 1 lit. a GDPR or Art. 9 Sect. 2 lit. a GDPR or on a contract pursuant to Art. 6 Sect. 1 lit. b GDPR; and
(2) the processing is carried out by automated means.
In exercising this right, you shall also have the right to have the personal data transmitted directly from one controller to another, where technically feasible. Freedoms and rights of other persons may not be adversely affected in that respect.
The right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
7. Right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal data based on Art. 6 Sect. 1 lit. e or f GDPR, including profiling based on those provisions.
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In the context of the use of information society services – and notwithstanding the Directive 2002/58/EC – you may exercise your right to object by automated means using technical specifications.
8. Right to revoke the declaration of consent under privacy law
You shall have the right to revoke your declaration of consent under privacy law. The revocation of consent shall not affect processing carried out before revocation.
9. Automated individual decision-making, including profiling
You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects for you or similarly significantly affects you. This shall not apply if the decision:
(1) is necessary for entering into, or performance of, a contract between you and the controller,
(2) is authorised by Union or member state law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
(3) is based on your explicit consent.
However, such decisions may not be based on special categories of personal data referred to in Art. 9 Sect. 1 GDPR, unless Art. 9 Sect. 2 lit. a or g applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place.
In the cases referred to in sections (1) and (3), the data controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
10. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.