At WSW Software GmbH, privacy and data security are among our most important principles. WSW Software GmbH attaches great importance to the protection of your privacy and complies with all applicable data protection legislation. In the following, we explain how we process your personal data.
1. Data controller
The data controller with responsibility for the collection, processing and use of your personal data within the meaning of the GDPR is:
WSW Software Gesellschaft mit beschränkter Haftung
Phone: +49 (0) 89 89 50 89-0
Fax: +49 (0) 89 89 50 89-190
CEO: Klaus Müer
1.1 Name and contact details of the Data Protection Officer
Phone: +49 (0) 89 89 50 89-160
1.2 Legal basis for the processing of personal data
Insofar as we obtain the data subject's consent to process their personal data, Article 6 (1) (a) of the General Data Protection Regulation (GDPR) provides the legal basis.
We process your personal data for the purposes of the contract, whereby Article 6 (1) (b) GDPR provides the legal basis. This also applies to processing operations carried out for the purpose of implementing pre-contractual measures.
To the extent that it is necessary to process personal data in order to fulfill a legal obligation on the part of our company, Article 6 (1) (c) GDPR provides the legal basis.
In the event that vital interests of the data subject or any other natural person require the processing of personal data, Article 6 (1) (d) GDPR provides the legal basis.
Where the processing is necessary to safeguard the legitimate interests of our company, and provided that the interests, fundamental rights and freedoms of the data subject do not outweigh the former interests, then Article 6 (1) (f) GDPR provides the legal basis for the processing. Our interests in the processing include, in particular, ensuring the operation and security of the website, analyzing the usage of the website by visitors and simplifying the use of the website.
1.3 General information
Types of processed data:
- Contact details (e.g., e-mail, telephone numbers)
- Usage data (e.g., visited websites, content of interest, access times)
- Meta/communication data (e.g., device information, IP addresses)
The data subjects are the visitors to – and users of – our online services. In the following, we also refer to the data subjects as "users."
Purpose of the processing
- To deliver our online services, including the related functions and content
- To respond to contact requests and communicate with users
- Reach measurement/marketing
"Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"). A natural person is considered to be identifiable if they can be identified directly or indirectly, in particular by association with an identifier such as a name, identification number, location data, an online identifier (e.g., a cookie) or by means of one or more unique features which express the physical, physiological, genetic, psychological, economic, cultural or social identity of said natural person.
"Processing" means any process performed with or without the aid of automated procedures or any such process associated with personal data. This term covers a wide range of activities and covers virtually every type of interaction with data.
The "data controller" refers to the natural or legal person, public authority, institution or body which, either alone or in concert with others, decides on the purposes and means of the processing of personal data.
We have leased data centers for the purpose of providing and operating this website. These data centers possess various certifications, including ISO 27001.
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, disk space and database services, collateral and technical maintenance services, which we use to operate this online service.
In doing so, we (or our hosting provider) process the inventory data, contact data, content data, contract data, usage data, meta and communication data submitted by customers, interested parties and visitors to this website on the basis of our legitimate interest in making this online offer available in an efficient and secure manner in accordance with Article 6 (1) (f) GDPR in conjunction with Article 28 GDPR (conclusion of an order processing contract).
The data centers are located in the European Union. To the extent that personal data of EU citizens is stored in data centers outside the European Union, the respective data centers have established an equivalent level of protection via standard contractual clauses.
Unless specifically stated, we store personal data only for as long as necessary to fulfill the stated purpose.
2. GENERAL USE OF THIS WEBSITE
If you wish to prevent additional cookies from being accepted by your browser, or to be notified when you receive new cookies, or if you wish to disable all cookies, please access the help function via your web browser's menu bar. You can disable or delete Flash cookies or similar features that are used by certain browser add-ons either by changing the settings of the respective browser add-on or by following the instructions on disabling them provided on the manufacturer's website.
2.2 Use of web fonts
In order to ensure that fonts are displayed consistently, this site uses so-called "web fonts" provided by MyFonts Inc., 600 Unicorn Park Drive, Woburn, MA 01801, United States. Whenever you access a web page, your browser loads the required web fonts into your browser cache in order to correctly display text and fonts.
In order to do this, the browser you are using must connect to the MyFonts servers. During this process, MyFonts is able to determine that our website was accessed from your IP address. Our use of MyFonts corresponds to our interest in ensuring of a consistent and attractive presentation of our online services. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. If your browser does not support web fonts, a default font will be used by your computer.
Further information about MyFonts is available at:
2.3 Access data
WSW collects information about you when you use this website. We automatically collect information about your usage behavior and interactions with us, and record information about your computer or mobile device. We collect, store and use data each time you access our online service (so-called "server log files"). This access data includes the name and URL of the retrieved file, the date and time of the retrieval, the quantity of data transferred, a notification of successful retrieval, the browser type and version, the operating system, the referrer URL (i.e. the previously visited page), the IP address, and the requesting provider.
We do not use this log data to identify you or for other profiling purposes, and instead use it for statistical analysis for the purpose of operation, security and optimization of our online services, and also to anonymously determine the number of visitors to our website (traffic) as well as the extent and nature of your use of our website and services. This information enables us to analyze traffic, find and fix bugs, and improve our services. We reserve the right to check the log data retrospectively in cases where we have legitimate grounds to suspect unlawful use of our services on the basis of concrete evidence. We store IP addresses in the log files for a limited period and to the extent necessary for security purposes or for the provision of services or the billing of a service. We also store IP addresses if we have compelling reasons to suspect criminal activity in connection with the use of our website. We also save the date of your last visit (e.g., when registering, logging in, clicking links, etc.) as part of your account data.
The legal basis for this data processing is provided by Article 6 (1) (1) (f) GDPR. Our legitimate interest follows from the data collection purposes listed above.
Purpose and Legal Basis
If you get in touch with us to inquire about an offer, the data entered into the contact form will be processed for the implementation of pre-contractual measures as defined in Article 6 (1) b of the GDPR.
Recipient of the Data
Our website is maintained by a service provider who acts on our behalf as a commissioned processor.
If you send us an inquiry about an offer, the service providers we use may received data for this purpose, provided they require these data to fulfill their respective service. All service providers are contractually obligated to treat your data in confidence.
Data will be deleted no later than 6 months after the inquiry has been processed.
If a contractual relationship arises, we are legally bound to keep the data on file for up to ten years.
Necessity of Provision
The provision of personal data is not required by law or contractual agreement. However without it, the inquiry cannot be processed.
Information regarding your right of revocation can be found in Point 3.6 of this data privacy statement.
2.5 Access and reach measurement
Google Analytics 4
Google Analytics is a web analysis service. It collects usage data from our websites and enables us to generate reports on website activity and thus improve the website. The information generated by the service about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to IP anonymization on this website, your IP address will be anonymized beforehand by Google within member states of the European Union or the EEA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data Processing Purposes
This list represents the purposes of data collection and processing.
This list contains all the technologies that this service uses to collect data. Typical technologies are cookies and pixels placed in the browser.
This list contains all (personal) data collected during or through the use of the Service.
- IP-Address (anonymized)
- Date and time of the visit
- Usage data
- Click path
- Browser information
- Device information
- Visited pages
- Referrer URL
- Flash version
- Location information
- Widget interaction
The following is the required legal basis for the processing of data
Article 6 paragraph 1 sentence 1 letter a) DSGVO
This is the primary location where the collected data is processed. If the data is also processed in other countries, you will be informed separately.
The storage duration is the period of time during which the collected data is stored for processing. The data must be deleted as soon as it is no longer needed for the specified processing purposes.
The data collected with Google Analytics is stored for a period of 14 months.
Transfer to Third Countries
Transfer to Third Countries
This service may transfer the collected data to another country. Please note that this service may transfer data outside the European Union and the EEA and to a country that does not provide an adequate level of data protection. If the data is transferred to the U.S., there is a risk that your data may be processed by U.S. authorities for control and monitoring purposes, without you possibly having any legal remedies. Below is a list of countries to which the data will be transferred. This may be for various purposes, such as storage or processing.
The following is a list of the recipients of the data collected.
- Alphabet Inc.
- Google LLC
- Google Ireland Limited
You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by
- Not giving your consent to the cookie being set, or
- downloading and installing the browser add-on to disable Google Analytics HERE.
The distribution service provider may retrieve the recipients' data in pseudonymous form, i.e. without assigning it to a user, in order to optimize or improve its own services, e.g., for technical improvements related to the distribution, the presentation of newsletters and/or for statistical purposes. However, the distribution service provider does not use the data submitted by our newsletter recipients in order to contact them directly, nor does it share this data with third parties.
If you wish to receive the newsletter offered on our website, we require your e-mail address. To ensure that you have consented to receive our newsletter, we use a "double-opt-in" procedure, during which the potential recipient can choose to be included in a distribution list. Afterwards, the user receives a confirmation e-mail via which they can confirm their newsletter subscription in accordance with the data protection legislation. The user's e-mail address will not be included in the distribution list until we receive this confirmation. The newsletter will be sent on the basis of your consent in accordance with Article 6 (1) (a) GDPR.
The newsletters contain a so-called "web beacon", i.e. a pixel-sized file that is either retrieved from our server – or if we use a distribution service provider, from the latter's server – when you open the newsletter. As part of this retrieval process, technical information is collected, including information about your browser and system, as well as your IP address and the time of retrieval.
This information is used to improve the technical performance of the respective services based on their specifications and/or on the target audience and its reading habits on the basis of its location (which can be determined via the IP address) and/or the time of access. These statistical surveys also include a determination of whether/when the newsletters are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, neither we nor the distribution service provider (if used) endeavor to observe the behavior of individual users. The evaluations merely allow us to identify the reading habits of our users and to adapt our content to suit them, or to send them different content in line with their interests.
3. Rights of data subjects
Under the applicable laws, you have various rights regarding your personal data. If you wish to assert these rights, please send us your request by post or e-mail, clearly identifying yourself and using the contact details listed under points 1 and 1.1. As a data subject you have the following rights.
4.1 Right to information
You have the right to request information about your personal data that is processed by us. In particular, you may request information about the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been disclosed, the planned retention period, your right of rectification, deletion, restriction of or objection to the processing, your right of appeal, the source of your data if it was not collected from us, and the existence of automated decision-making, including profiling, and if applicable, detailed information about this.
4.2 Right to rectification
You have the right to demand the immediate rectification of any incorrect personal data concerning you. In light of the stated purposes, you have the right to request the completion of any incomplete personal data concerning you, including by means of a supplementary statement.
4.3 Right to deletion ("right to be forgotten")
You have the right to ask us to delete your personal data without delay. Furthermore, we are obliged to delete your personal data immediately if one of the following reasons applies:
- the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
- You have revoked your consent on which the processing was based pursuant to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and no other legal basis for the processing exists.
- You object to the processing pursuant to Article 21 (1) GDPR and there are no legitimate grounds for the processing (e.g. statutory retention periods), or you object to the processing pursuant to Article 21 (2) GDPR.
- The personal data was processed unlawfully.
- The deletion of the personal data is required to fulfill a legal obligation under applicable union or national law.
- The personal data was collected in relation to information society services which were offered pursuant to Article 8 (1) GDPR.
Where we have made personal information public and are required to delete it, we will implement appropriate measures – taking into account the available technology and implementation costs, including technical measures – to inform the respective data controllers processing your personal data that you have requested the deletion of any links to – or copies or replications of – said personal data.
4.4 Right to restrict processing
You have the right to ask us to restrict the processing of your personal data if one of the following conditions applies:
- the accuracy of the personal data is disputed by you for a period of time that allows us to verify the accuracy of the personal data;
- the processing is unlawful and you refused the deletion of the personal data and requested instead the restriction of the use of the personal data;
- the personal data is no longer required for the purposes of processing, but you need the data to assert, exercise or defend legal claims;
- You have objected to the processing pursuant to Article 21(1) GDPR, as long as it has not yet been determined whether the legitimate reasons of our company outweigh yours.
4.5 Right of data portability
You have the right to receive the personal data relating to you that you have provided to us in a structured, commonly used and machine-readable format, and you have the right to transfer that data to another controller without hindrance from us, provided that
- the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR; and
- the processing is carried out using automated procedures.
In exercising your right to data portability pursuant to paragraph 1, you have the right to arrange for the personal data to be transmitted by us directly to another data controller, insofar as this is technically feasible.
4.6 Right of objection
You have the right, for reasons related to your personal situation, to object at any time to the processing of your personal data pursuant to the first sentence of Article 6 (1) (e) or (f) GDPR; this also applies to profiling based on these provisions. If you object, we will not process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or if the processing serves the purpose of enforcing, pursuing or defending against legal claims.
If your personal data is processed by us for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling, to the extent that it is associated with such direct advertising.
4.7 Right to revoke your consent with regard to data protection
You have the right to revoke your consent to the processing of your personal data at any time.
4.8 Right of appeal to a supervisory authority
Should you believe the processing of your personal data to be unlawful, you have the right to appeal to a supervisory authority, in particular in the Member State of your place of residence, your place of work or the place of the alleged breach, in accordance with Article 77 GDPR.
A list of the supervisory authorities (for the non-public area) with addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
4. Data security
We endeavor to implement all technical and organizational security measures that are necessary to protect your personal data against unauthorized access and misuse at all times. We only process your personal data if we are able to do so in accordance with the applicable data protection legislation.
If personal data is stored or processed, the associated activities are carried out exclusively by certified data center operators (see "Hosting"). To ensure the security of your data during transmission, we use encryption technologies (such as SSL) over HTTPS. Our servers are protected by firewalls and antivirus software. Furthermore, back-up and recovery procedures as well as role and authorization concepts are a matter of course for us.
Our employees are obliged to observe the regulations of the GDPR and the German Federal Data Protection Act (BDSG) when handling data.
5. Automatic decision-making
We do not conduct automated decision-making on the basis of the personal data we collect.
6. Transfer of data to third parties, no data transfer to non-EU/EEA countries
In principle, we use your personal data exclusively within our company.
If and to the extent that we engage third parties for the performance of contracts, they only receive transmitted personal data within the scope necessary to perform the corresponding service.
In the event that we outsource certain parts of the data processing ("order processing"), we contractually obligate our processors to use the personal data exclusively in accordance with the applicable data protection legislation and to ensure the protection of the data subject's rights.
7. Collection of personal data when using WSW products
In principle, you can visit our website without submitting any personal information. When you register to access our personalized member's area (customer login), our support staff will ask you to submit personal information, such as your name and e-mail address. All data and information relating to your identity will be stored on the server of WSW and its respective contractors; however only if you explicitly provide us with this information. This process is made visible to you and requires your explicit consent.
7.1 Collection of Personal Data for the Use of Qumbu Software
If you request a download link on our Qumbu product page for a free, 30-day trial versions, we only require your e-mail address for this.
If you request a quote for a license after the trial version expires, we will also request details of your business address as well as a contact name. All data and information relating to your identity will be stored on servers of corresponding contractual partners as well as WSW, however only if you explicitly provide us this with this information. This process is made visible to you and requires your explicit consent.
- Scope of Processing of Personal Data
The data you enter in the form fields.
- Legal Basis for Processing Personal Data
According to Article 6 (1) b GDPR (implementation of pre-contractual measures or contractual fulfillment).
- Purpose of Data Processing
The data is processed for the purpose of handling your inquiry and thereby allowing us to fulfill the contract.
- Duration of Storage
The data will be deleted as soon as these are no longer required for the processing of orders and no further statutory storage periods apply. This will generally be after 10 years (cf. Section 147 (2) in conjunction with (1) Nos. 1, 4 and 4a of the tax code, Section 14b (1) of the VAT act).
- Right of Revocation
The right of revocation is based on the general regulations regarding the right of revocation and deletion under data protection law as set out in this data privacy statement under 3. Rights of data subjects.
Version date: September 2021 / Version 2.0