Privacy policy

Protecting your personally identifiable information is important to us. We would therefore like to inform you in the following about how your data is being handled, both on this homepage and in principle. In order to fulfill our obligation to provide information according to Art. 12 ff. of the General Data Protection Regulation (GDPR), we would like to make the following information on data privacy available to you:

Who is responsible for the processing of your data?

Within the meaning of data privacy law, the following is the responsible party:

DIE WORTWERKSTATT GmbH
Agentur für Kommunikation
Jahnstrasse 63
72127 Kusterdingen

Phone: +49 7071 156-0
Fax: +49 7071 156-11
E-mail: info@wortwerkstatt.de
Internet: www.wortwerkstatt.de

You will find further information on our company, details about authorized representatives, and other contact details in the site notice on our website.

Information on data processing via this website

The operators of these pages take the protection of your personally identifiable information very seriously. We treat your personally identifiable information confidentially and in accordance with the statutory data privacy regulations and this privacy policy.

If you use this website, various personally identifiable information will be collected. Personally identifiable information is information that could be used to identify you personally. This privacy policy explains what information we collect and what we use it for. It also explains how and why this happens.

We would like to advise you that data transmission over the Internet (e.g., when communicating by e-mail) is always associated with certain security risks. Complete protection of data against access by third parties is not possible.

SSL or TSL encryption

This website uses SSL or TSL encryption for security reasons and to protect the transmission of sensitive content, such as any orders or requests you may send to us as the website operator. You can recognize an encrypted connection when the browser’s address line changes from „http://“ to „https://“ and the padlock icon is displayed in your browser’s address bar. If SSL or TSL encryption is enabled, the data you submit to us cannot be read by third parties.

Server log files

The provider of the web pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include the following:

Browser type and browser version

Operating system used

Referrer URL

Hostname of the accessing computer

Time of the server request

IP address

This data is never merged with other data sources.

This data is collected on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website, and server log files must be recorded to do this.

Security plugin

We use a WordPress plugin to protect against external attacks by hackers and bots (brute force attacks, login hacking). In order for it to be possible to initiate appropriate countermeasures in the event of any attacks, this plugin stores the IP addresses of the users who visit our site. The IP addresses are only stored in the local WordPress database and not transmitted to third parties.

The use of iThemes Security is in the interest of safe use of our websites and also serves to protect users against malware, Trojans, and so on. This constitutes a legitimate interest according to Art. 6 (1) (f ) GDPR.

Contact form

If you send us inquiries using a contact form, your details from the request form, including the contact details you provided there, will be stored in order to process the request and in case of follow-up questions. We will not share this information without your consent.

The processing of the data entered into the contact form is therefore carried out based exclusively on your consent (Article 6 (1) (a) GDPR). You can revoke this consent at any time. An informal e-mail message to us is sufficient. The legality of the data processing operations carried out up until revocation of consent remains unaffected by the revocation.

The data entered by you in the contact form will remain with us until you ask us to delete it or revoke your consent to its storage, or until the reason for the data storage no longer applies (e.g., after completion of your request). Mandatory statutory provisions, especially retention periods, remain unaffected.

Which of your data is processed by us? And for what purpose?

If we receive data from you, we will only process it for the purposes for which we received or collected it.

Data processing for other purposes can only be considered if the necessary legal requirements pursuant to Art. 6 (4) GDPR have been met. In this case, we will of course comply with any obligation to provide information under Art. 13 (3) GDPR and Art. 14 (4) GDPR.

What is the legal basis for this?

The legal basis for processing of personally identifiable information is Art. 6 GDPR, unless there are specific legal provisions. In particular, the following possibilities are relevant here:

Consent (Art. 6 (1) (a) GDPR)

Data processing for the performance of contracts (Art. 6 (1) (b) GDPR

Data processing on the basis of weighing of interests (Art. 6 (1) (f) GDPR)

Data processing to fulfill a legal obligation (Art. 6 (1) (c) GDPR)

If personally identifiable information is processed on the basis of your consent, you have the right to revoke this consent at any time with effect for the future.

If we process data on the basis of a weighing of interests, you as the data subject have the right to object to the processing of personally identifiable information, taking into account the provisions of Art. 21 GDPR.

How long is the data stored?

We process the data as long as this is necessary for the respective purpose. Insofar as legal retention obligations exist – under commercial law or tax law, for example – the relevant personally identifiable information shall be stored for the duration of the retention obligation. After expiration of the retention obligation, a check is carried out for whether processing is still necessary. If a requirement no longer exists, the data is deleted.

As a matter of principle, we regularly evaluate data with regard to the need for further processing. Due to the quantity of data, this check is carried out with regard to specific types of data or processing purposes.

You can of course request information about your personally identifiable information stored by us at any time (see below) and, if it is not necessary to retain the data, request that the data be deleted or that its processing be limited.

To which recipients will the data be forwarded?

Public bodies and institutions if there is a legal or official obligation to do so.

In rare individual cases of maintenance or fault analysis, hardware or software support partners of hardware may be commissioned. Contractual provisions on limiting the use of data to proper purposes and confidentiality according to applicable law will be concluded with these partners.

Your personally identifiable information will only be disclosed to third parties if this is necessary for the execution of the contract with you, if the disclosure is permissible on the basis of a weighing of interests within the meaning of Art. 6 (1) (f) GDPR, if we are legally obliged to disclosure, or if you have given consent to disclose your information.

Information on the newsletter and consent

The following information is intended to inform you about the content of our newsletter, the subscription, shipping and statistical evaluation procedures, as well as your right of objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.

Content of the newsletter

We send newsletters, emails and other electronic notifications with advertising information (hereinafter “newsletter”) only with the consent of the recipient or legal permission. Insofar as the content of the newsletter is concretely described as part of a subscription, it is relative for the consent of the users. Otherwise, our newsletters only contain information on our agency’s current developments, in-house personal data and reference projects, as well as up-to-date information on developments in the communications industry.

Double opt-in and logging

Subscribing to our newsletter is part of a so-called double opt-in procedure. This means that you will receive an email after subscribing requesting you to confirm your subscription. This confirmation is necessary so that nobody can subscribe with an email address that is not their own. Subscription to the newsletter will be logged as proof of the subscription process in accordance with legal requirements. This includes the storage of the subscription and confirmation time as well as the IP address. Similarly, changes to your data stored with MailChimp will be logged.

USE OF THE “RAPIDMAIL” MAILING PLATFORM

This website uses Rapidmail to send newsletters. The provider of this service is rapidmail GmbH, Augustinerplatz 2, 79098 Freiburg i.Br., Germany.

Rapidmail is a service that organizes and analyzes the distribution of newsletters, among other things. The data you enter to subscribe to our newsletter is stored on Rapidmail servers in Germany.

STATISTICAL DATA COLLECTION AND DATA ANALYSIS BY RAPIDMAIL

For the purpose of analysis, e-mails sent with Rapidmail contain a so-called “tracking pixel” that connects to the Rapidmail servers when the e-mail is opened. This allows us to determine if a newsletter message has been opened.

Furthermore, with the help of Rapidmail, we can determine whether and which links in the newsletter message are clicked on. All links in the email are so-called tracking links that can be used to count your clicks. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor Rapidmail’s intention to observe individual users. Rather, the evaluations help us to recognize the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

If you do not want to allow analysis by Rapidmail, you must unsubscribe from the newsletter. We provide a link for this purpose in every newsletter message.

For more information about Rapidmail’s analysis functions, please follow this link: https://de.rapidmail.wiki/kategorien/statistiken/.

LEGAL BASIS

Data processing is based on your consent (Art. 6 para. 1 lit. a GDPR). You may revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

REGISTRATION DATA

To register for the newsletter, it is sufficient to provide your e-mail address.

Optionally, we ask you to provide your first and last name. This information is used solely to personalize the newsletter. For reasons of data economy, only your e-mail address is required for registration.

LEGAL BASIS

The data deposited with us for the purpose of obtaining the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data stored by us for other purposes remain unaffected.

After you unsubscribe from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist is used only for this purpose and not merged with other data. This serves both your interest and our interest in complying with the legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

For more details, please consult the data protection information of Rapidmail at: https://www.rapidmail.de/datensicherheit.

DATA PROCESSING

We have concluded a contract for order processing (AVV) for the use of the above-mentioned service. This is a contract prescribed by data protection law that ensures that the personal data of our website visitors is processed only in accordance with our instructions and in compliance with the GDPR.

ONLINE ACCESS AND DATA MANAGEMENT

There are cases in which we redirect newsletter recipients to the Rapidmail website. For example, our newsletters contain a link that newsletter recipients can use to access the newsletters online (e.g. in the event of display problems in the email program). Furthermore, newsletter recipients can correct their data, such as their email address, at a later date. Likewise, Rapidmail’s privacy policy is only available on its website.

In this context, we would like to point out that cookies are used on the Rapidmail websites and that personal data is therefore processed by Rapidmail, its partners and service providers (e.g. Google Analytics). We have no influence over this data collection. Further information can be found in Rapidmail’s privacy policy.

We would also like to draw your attention to the possibilities for objecting to data collection for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European area).

CANCELLATION/WITHDRAWAL

You can cancel the receipt of our newsletter at any time, i.e. withdraw your consent. At the same time, your consent to the sending of the newsletter via Rapidmail and the statistical analyses will expire. Unfortunately, it is not possible to revoke the consent to the sending via Rapidmail or the statistical analysis separately.

You will find a link to unsubscribe from the newsletter at the end of each newsletter.

LEGAL BASIS: GENERAL DATA PROTECTION REGULATION

In accordance with the requirements of the General Data Protection Regulation (GDPR), which will apply from May 25, 2018, we inform you that consent to the sending of e-mail addresses is based on Art. 6 (1) a, 7 GDPR and § 7 (2) no. 3, or (3) UWG. The use of the Rapidmail distribution platform, the performance of statistical surveys and analyses, and the logging of the registration procedure are carried out on the basis of our legitimate interests in accordance with Art. 6 (1) point f GDPR. We are interested in using a user-friendly and secure newsletter system that serves both our business interests and the expectations of our users.

We would also like to point out that you can object to the future processing of your personal data in accordance with the legal requirements pursuant to Art. 21 GDPR at any time. In particular, you can object to the processing of your data for direct marketing purposes.

Note on the newsletter based on a template from Dr. Thomas Schwenke, lawyer.

Matomo

Matomo is software that is used for the purposes of web analysis and reach measurement.

When Matomo is used, cookies are generated and stored on the user’s end device. The user data collected when using Matomo is only processed by us and is not shared with third parties. The cookies are stored for a maximum period of 13 months: https://matomo.org/faq/general/faq_146/

Legal basis: Consent (Art. 6 para. 1 sentence 1 lit. a) GDPR); Deletion of data: The cookies are stored for a maximum period of 13 months.

hCaptcha

We use “hCaptcha” (hereinafter referred to as “hCaptcha”) on this website. The provider is Intuition Machines, Inc., 2211 Selig Drive, Los Angeles, CA 90026, USA (hereinafter referred to as “IMI”).

hCaptcha is being used to determine whether the entry of data into this website (e.g., into a contact form) is being processed by a person or an automated program. For this purpose, hCaptcha analyzes the behavior patterns of website visitors on the basis of several characteristics.

This analysis begins automatically as soon as the website visitor enters a website with the activated hCaptcha feature. For the analysis, hCaptcha uses a wide range of information (e.g., the IP address, time spent on the website or mouse actions taken by the user). The data recorded during this analysis is forwarded to IMI. If hCaptcha is used in the “invisible mode,” the analyses are completely conducted in the background. Website visitors are not alerted to the performance of an analysis.

The storage and analysis of the data occurs on the basis of Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in protecting the operator’s web presentations against abusive automatic spying and SPAM. In the event that respective consent has been obtained, the data will be processed exclusively on the basis of Art. 6 (1)(a) GDPR and § 25 (1) TDDDG, if the consent comprises the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) as defined in the TDDDG (German Telecommunications Act). Such consent may be revoked at any time.

The processing of data is based on Standard Contract Clauses, included in the Data Processing Supplement to the General Terms and Conditions of IMI or in the data processing agreements.

For further information on hCaptcha, please consult the Data Protection Policy and Terms of Use under the following links: https://www.hcaptcha.com/privacy and https://hcaptcha.com/terms.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/6388.

Google Fonts

This site uses so-called Google Fonts, which are provided by Google, to ensure fonts are displayed consistently. When you access a page, your browser loads the required fonts into your browser cache to display text and fonts correctly.

To do this, the browser you use has to establish a connection with Google’s servers. As a result, Google learns that your IP address has been used to access this website. Google Fonts are used on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

If your browser does not support Google Fonts, a default font will be used by your computer.

For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy: https://policies.google.com/privacy

The company is certified according to the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the United States designed to ensure compliance with European data protection standards for data processing in the United States. Every DPF-certified company is obliged to comply with these data protection standards. Further information is available from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780.

Job applications

You have the opportunity to apply for jobs advertised by us. For this purpose, you provide us with personally identifiable information, which we process exclusively for the application process. In order to process your application conscientiously, your documents will be stored on the server of DIE WORTWERKSTATT GmbH.

After your data has been saved, our employees have access to your data, which is integrated in the applicant selection and application process. This applies regardless of the channel through which your application entered our system (online or in paper form). We process the data entered on the basis of Section 26 (1) of Germany’s Federal Data Protection Act (FDPA) insofar as this is necessary for the decision on the establishment of an employment relationship.

Your data will be completely deleted three months after receipt at the latest. Application documents submitted in paper form will be returned to you by postal mail.

Your rights

You have the right to information about the personally identifiable information about your person that we process.

In case of a request for information which is not made in writing, we ask for your understanding that we may then request proof from you that you are the person who you claim to be.

Furthermore, you have the right to correction or deletion or to restriction of the processing of your information to the extent to which you are legally entitled to this.

You also have the right to object to processing of your information within the scope of the statutory provisions. The same applies to your right to data portability.

In particular, you have a right to object under Art. 21 (1) and (2) GDPR to the processing of your data in conjunction with direct advertising if this occurs on the basis of weighing of interests.

To do so, please contact us via email: datenschutz@wortwerkstatt.de or by mail:

DIE WORTWERKSTATT GmbH
Subject: Revoke data collection WORTWERKSTATT
Jahnstraße 63
72127 Kusterdingen

Via this contact option, you can also let us know about all other questions concerning data protection.

Right to lodge a complaint

You have the right to complain to a data protection supervisory authority about the processing of personally identifiable information by us.

Objection to advertising emails

We hereby expressly object to the third-party use of contact data, which has been published in accordance with legal notice requirements, for the transmission of unsolicited advertising and information material. The website operators reserve the right to take legal action against unsolicited transmission of advertising and information material, such as spam mails, etc.