Privacy policy

The protection of your personal data is important to us. Your personal data will therefore be processed in accordance with the statutory data protection regulations. In our “Data protection information” we inform you about the processing of your personal data by us and the rights to which you are entitled under the General Data Protection Regulation (“GDPR”). In our “Data protection information” you will find all relevant information on the processing of your personal data when you visit our website.

If you wish to change your data protection settings, you can adjust your consent at here.

Last update: 10.07.2023

Data protection information of Westernacher Solutions GmbH

We hereby inform you about the processing of your personal data by Westernacher Solutions GmbH and the rights to which you are entitled under the GDPR.

Person responsible

Westernacher Solutions GmbH
Columbiadamm 37
10965 Berlin, Germany
Phone: + 49 30 5858122-5
E-mail: solutions@westernacher.com

Data protection officer

You can reach our data protection officer at

Krisp Services GmbH & Co KG
Mrs. Heike Kraus
Von-Reichenau-Str. 6a
69231 Rauenberg
Tel: +49 6222 938666
E-mail: westernacher@krisp.services

Personal data processed by us

We process personal data in various contexts:
Personal data of our customers, suppliers and service providers are processed for the execution of orders, for invoicing and subsequent accounting as well as for administration and contact. This includes:

  • Master data (surname, first name, address, contact data, payment data, partner status, partner number)
  • Communication and order data (times and content of conversations, orders placed, order history)
  • Data on order execution (order date, service content, cost estimate or invoice, information on order execution, deadlines, etc.)

Purposes and legal bases of data processing

We process your personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG).

The legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR, i.e. the data is required for the performance of a contract or pre-contractual legal relationship. Insofar as special categories of personal data are required for this, we request your prior consent in accordance with Art. 9 para. 2 lit. a GDPR in conjunction with Art. 7 GDPR. We also process your data if this is required under Art. 6 para. 1 lit. f GDPR is required to protect our legitimate interests or those of third parties. This may be the case in particular:

  • to advertise our own products and other comparable products of the group of companies
  • to ensure the security of our systems
  • for the prevention and investigation of criminal offenses, in particular data analysis to detect indications that could point to abuse

In addition, we process your personal data to fulfill legal obligations (e.g. regulatory requirements, commercial and tax retention obligations). The legal basis for this is the respective legal regulation in conjunction with Art. 6 para. 1 lit. c GDPR.

If you have given your consent, for example for advertising and marketing purposes, the data will also be processed for the purposes stated in the consent. The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the use of your personal data for advertising and marketing purposes at any time.

If we wish to process your personal data for any other purpose not mentioned above, we will inform you in advance.

Recipients of your data

If necessary for contract processing, we will transfer your data to other service partners, e.g. to locations of the Westernacher Group for the purposes of project processing and sales. In the context of certain service relationships, your data will, for example to tax authorities, banks, tax consultants for the execution of financial transactions, credit agencies for the collection of information, debt collection agencies for the collection of receivables, lawyers for legal services, disposal companies for the disposal of physical files and data carriers as well as postal and parcel service providers for the execution of postal mailings and dispatch of articles (e.g. brochures).

For further information, please contact the data protection officer using the contact details provided.

Duration of data storage

We delete your personal data as soon as it is no longer required for the above-mentioned purposes and any existing statutory retention periods have expired.

Obligations to provide evidence and retain records arise from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act, among others. The storage periods are then up to ten years.

If claims can be asserted against our company, we will retain the data until expiry of the relevant statutory limitation periods. We retain personal data that is relevant to an existing legal dispute until the legal dispute has been concluded.

Your rights

You can request information about your data stored by us at any time. You also have the right to demand the correction of incorrect data or, if the legal requirements are met, the correction, restriction or deletion of your data.

You can informally object to the use of your data for the purposes of direct advertising or market research or for the needs-based design of telemedia at any time.

You can revoke your consent informally by contacting the data protection officer using the contact details given above. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

Upon request, we will send you your data stored by us in a structured, commonly used and machine-readable format that you can use for further processing.

To exercise all these rights and for all other questions or complaints about data protection, you can contact our data protection officer at any time using the contact details above.

You also have the right to lodge a complaint with a data protection supervisory authority at any time: https://www.datenschutz-berlin.de/.

Data protection information on the use of our website

On our website at https://www.isidor-software.de we present the ISIDOR software we have developed, the possible functions and the underlying processes.

We hereby inform you about the processing of your personal data by Westernacher Solutions GmbH when using our website and the rights to which you are entitled under the GDPR. Art. 13 GDPR.

Objectives and contacts

This data protection information clarifies the type, scope and purpose of the processing (including collection, processing and use as well as obtaining consent) of personal data when using our website, its functions and content. The data protection information applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the website is run.

The controller is Westernacher Solutions GmbH, Managing Director: Dr. Heiko Pfeffer-Orth, Columbiadamm 37, 10965 Berlin (hereinafter referred to as “provider”, “we” or “us”). For contact details, please refer to our legal notice.

You can contact our data protection officer at any time with a request for information at the following e-mail address:

Krisp Services GmbH & Co KG
Mrs. Heike Kraus
Von-Reichenau-Str. 6a
69231 Rauenberg
Tel: +49 6222 938666
E-mail: westernacher@krisp.services

Transmission security

By default, this website offers the so-called SSL security system (Secure Socket Layer) in conjunction with 128-bit encryption for data transfer in order to protect the data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures are continuously adapted in line with technological developments. You can recognize encrypted data transmission by the closed display of a key or lock symbol in the upper status bar of your browser.

Collection of usage data when visiting this website

When you use any website, a range of information about you as a user is collected, which can at least theoretically be linked to a specific user via the IP address, specific user settings, cookies or other identification options. This data is used for technical purposes to display the page and to optimize the page by statistically recording user behavior, but can also be used to redisplay information or entries already made to the user after an abort.

Transmission of browser data and settings
The following describes which usage data is collected on this site and which other services are used on this site. In the case of purely informational use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our hosting provider. We host our website with our processor Raidboxes (Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany). Connection data is processed for the purpose of providing and delivering the website. For the sole purpose of delivering and providing the website, the data is not stored beyond the call. The legal basis for data processing is the legitimate interest (absolute technical necessity for the provision and delivery of the “website” service expressly requested by you by calling it up), Art. 6 para. 1 lit. f GDPR. In order to operate the website, the connection data and other personal data are also processed as part of various other functions and services. Detailed information on this is provided in this data protection notice for the individual functions and services.

We log and save log files on the server side, in particular in the event of errors, e.g. log-ins. IP addresses are stored for up to 365 days. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR, the legitimate interest in error analysis and correction.

As part of the above-mentioned logging and for display purposes, the following data is collected, which is technically necessary to display our website to you and to ensure its stability and security. The legal basis for processing is Art. 6 para. 1 lit. f GDPR (legitimate interest):

  • IP address
  • Date and time of the request
  • Content of the request (specific page)
  • Access status / https status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser used
  • Operating system
  • Language and version of the browser software
  • Referrer (origin page)
  • Other technical parameters, e.g.
    • JavaScript support
    • Number and type of installed plug-ins
    • Size of the browser window
    • Resolution of the screen
    • Supported languages
    • Installed fonts

Basic information on data processing

We process your personal data as a user of our website in compliance with the relevant data protection regulations in accordance with the principles of data minimization and data avoidance. This means that your data will only be processed if there is legal permission or if required by law or if you have given your consent.

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and that the data processed by us is protected against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

Recipients outside the EU
When using the website, it may also be necessary to transfer your personal data to a country outside the EU or the EEA (hereinafter referred to as a third country). Usage data may be transferred outside the EU if various providers of advertising services, analysis services or services integrated into this website are based outside the EU and parts of the processing within the scope of these services are carried out via servers outside the EU. Reference is made to these services below by means of corresponding notes. In these cases, only the data required for processing is transferred, but no adequate level of data protection can be guaranteed for processing abroad or by the recipient.

The legal basis for the international transfer is your consent to this use of services in accordance with Art. 49 para. 1 lit. a GDPR. The granting of this consent is explained in the section “Tools and services”. The transfer to certain third countries entails the risk that your data may be read and analyzed by secret services and security authorities of the respective country without adequate legal protection or appropriate constitutional guarantees. As a result, there is a possibility that your personal profile may be created without your knowledge, the evaluation of which may lead to actual restrictions by these countries or to further checks by these countries.

In order to be able to offer you additional legal guarantees, standard contractual clauses are generally also concluded for the services used. In some cases, the integrated service is offered by a company based in Europe, but the data processing is carried out for certain processing purposes by a parent company based outside the EU. In these cases, the subsidiary established in Europe is responsible for ensuring compliance with the level of data protection (e.g. by concluding standard contractual clauses).

For further information, please contact the data protection officer using the contact details provided.

Your rights

As the data subject, you have the following rights vis-à-vis us:

Information
You can request information about your data stored by us at any time using the above-mentioned contact details of Westernacher Solutions GmbH or the data protection officer, Art. 15 GDPR.

Rectification, erasure and restriction
You also have the right to request the rectification of inaccurate data or, if the legal requirements are met, the rectification, erasure or restriction of the processing of your personal data, Art. 16, 17 and 18 GDPR.

Data portability
Upon request, we will provide you with your data stored by us in a structured, commonly used and machine-readable format that you can use for further processing, Art. 20 GDPR.

Please send your request to the e-mail address datenschutz@westernacher.com.

Any transmission requires your unambiguous authentication as the data subject or can only be made to an address already stored in your data.

Contradiction

You can informally object to the use of your data for the purposes of direct advertising or market research at any time, Art. 21 GDPR.

Consent given on this page can also be revoked informally using the contact details given above or via the links provided for this purpose on this website or in the e-mails that are based on your consent. This does not affect the lawfulness of the processing carried out until the revocation.

You can object to the use of web analysis tools, tracking services, re-targeting services and the collection of your usage data in general by clicking on the relevant links for the services in this privacy policy.

You can revoke the storage of your data when using the contact form on this page informally using the contact details above. In this case, we will no longer process your data unless there are compelling reasons for further storage that are worthy of protection and outweigh the revocation or the processing serves to pursue legal claims.

Right to lodge a complaint
You also have the right to lodge a complaint with a data protection supervisory authority at any time.

If you have any questions or complaints about data protection, you can also contact our data protection officer at any time using the contact details given above.

Own services

Contact form
You can contact us directly via a contact form on our website. All obligatory information is marked as mandatory. The data is transmitted via a secure SSL connection. We then process the personal data entered by you for the purpose of processing your request on the basis of your consent given prior to sending in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. a GDPR.

The data you provide will only be used to support you with your request. Your data will be stored as a process for reasons of traceability and for customer support and will be stored for three months after completion of the process and then deleted. You can informally withdraw your consent to the processing of your personal data at any time by contacting the data protection officer using the contact details provided. This does not affect the lawfulness of the processing carried out until the revocation.

Friendly Captcha
To avoid spam messages and bot activity, we use the Friendly Captcha service in connection with our contact form.

A JavaScript element is integrated into the source code of our website, which loads the software in the background. For this service, your end device calculates the solution to a crypto puzzle in order to be able to understand whether the user or visitor to our website is a human being or whether the use is made by automated, machine processing (e.g. bots).

The service helps us to prevent automated attacks that could lead to risks in our infrastructure. The service therefore helps us to prevent fraudulent activities.

By using the service, the following data is processed:

  • Browser, operating system, referrer (previous websites)
  • Date and time of the request
  • Version of the Friendly Captcha service used
  • Hash value (one-way encryption) of the incoming IP address (the IP address is discarded, only the hash value is saved)
  • Number of requests from the (hashed) IP address per time period
  • Answer to the math problem solved by the visitor’s computer
  • No cookies are used

The legal basis for this processing is our legitimate interest pursuant to Art. 6 (1) lit. f GDPR and serves to prevent potentially fraudulent activities on our website.

The provider of the service is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee.

Further information on data protection at Friendly Captcha can be found at: https://friendlycaptcha.com/de/legal/privacy-end-users/.

Tools and services

Functionality and types of cookies
Cookies are small text files that are saved by your browser and stored on your end device. They contain various data, e.g. duration of the website visit or user input, but may also contain identification codes for recognition. They may originate both from us as the website provider (so-called first-party cookies) and, in the case of cooperation with third parties, also from them (so-called third-party cookies) and may be stored for different periods of time (e.g. for the duration of use of the website up to several weeks and years).

You can set your browser so that you are notified as soon as cookies are sent. You can also delete the cookies on your computer’s hard disk yourself at any time. You can prevent the storage of cookies in your browser by restricting or deactivating the storage and reading of cookies via the menu bar “Tools > Internet options > Privacy” (Internet Explorer) or “Settings > Privacy” (Firefox). In this case, the full functionality of the website will no longer be available to you.

First-party cookies
Our website uses first-party cookies, so-called “session cookies”. They are used to store data relevant to the website visit or to recognize your computer during your visit. These cookies do not require consent and guarantee the full technical functionality of the website. The legal basis for processing is § 25 para. 2 No. 2 Telecommunications Telemedia Data Protection Act (TTDSG).

Third-party cookies
If we work with third parties, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following paragraphs on the respective third-party service providers. The legal basis for processing is your consent, § 25 para. 1 sentence 1 TTDSG, or Art. 6 para. 1 lit. a GDPR.

Use of the Borlabs cookie consent tool
This website uses the “Borlabs Cookie” tool to obtain the consent required for the use of certain cookies or pixels. In order to fulfill the consent requirements under the GDPR when using cookies and similar technologies, a banner with corresponding information is displayed at the beginning of the website use. For this purpose, you can either agree to the setting of all cookies provided on this website, select an individual setting based on certain cookie categories or not give your consent, so that only cookies that do not require consent are used (first-party cookies).

The selected setting is stored on your computer for one year by means of a cookie from the provider Borlabs GmbH, Managing Director Benjamin A. Bornschein, Hamburger Str. 11, 22083 Hamburg, Germany, on your computer for one year, unless you clear the cache of the browser you are using. This cookie is necessary for the operation of the site and does not require consent. Its use is justified by the legitimate interest in operating the website in compliance with the law and taking into account settings once selected on subsequent website visits without having to make them again (Art. 6 para. 1 lit. f GDPR).

Further information on the use of the data transmitted during use can be found at https://de.borlabs.io/datenschutz/. In addition to this consent relating to our pages, many service providers offer their own links for cross-website data protection objections, which we refer to in our data protection information for the sake of completeness. Consents given on our website using the Borlabs tool do not result in the revocation of such existing or future objections to individual providers.

Usage data may be transferred outside the EU if various providers of advertising services, analysis services or services integrated into this website are based outside the EU and parts of the processing within the scope of these services are carried out via servers outside the EU. The admissibility under data protection law with regard to the international transfer therefore only arises here through your consent to this use of the service, Art. 49 para. 1 lit. a GDPR. The risks associated with such a transfer are described under “Transfers to recipients outside the EU”.

The adjustment and/or revocation of cookie settings already made can be made at any time here.

Allocation of responsibility for external services
All services of third-party providers (third-party services, service providers) include a transmission to the service providers and, if applicable, a transmission to the service providers. the service providers’ own processing operations. We conclude the necessary contractual arrangements with the relevant third-party providers. If services are provided under joint responsibility in accordance with. Art. 26 GDPR, then both we and the corresponding service provider are jointly responsible for the purposes and means of processing the data. Which processing is carried out by whom must be contractually regulated with the service provider. The service provider (joint controller) is then regularly responsible for mergers and personal evaluations of usage data, naming and justifying the legal basis of its own processing and, if necessary, providing anonymized evaluation results for our website.

As joint controllers, we are responsible for setting the respective cookies and transmitting the usage data from our website. However, you can assert your data subject rights against both jointly responsible parties irrespective of this allocation.

In many cases, service providers only offer outdated or inadequate contracts that do not yet meet the current requirements of the data protection supervisory authorities. Nevertheless, the existing contracts are regularly concluded automatically and unalterably when the service is used. It is assumed that the service providers will make the adjustments announced here. Irrespective of this, any transfers currently taking place on our part are fully based on the consents obtained with the privacy settings banner (see above under “Use of the Borlabs tool for cookie consent“).

Analysis service: Google Analytics 4
Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is used for the purpose of improving the needs-based design of the website and analyzing the general usage behavior of users on the website (hereinafter “GA4”).

GA4 uses cookies. Google Ireland Ltd. is independently responsible for forwarding data to countries outside Europe. The legal basis for this processing is your consent, Art. 6 para. 1 lit. a GDPR.

The service is obtained exclusively from Google Ireland Ltd. If the data is forwarded to US servers or other servers outside Europe, Google is responsible for the lawfulness of the transfer, in particular for sufficient guarantees of data protection. By consenting to the service mentioned here, you also consent to any data transfers we make outside the EU, even if there are no further guarantees and no adequacy decision to ensure the level of data protection, Art. 49 para. 1 lit. a GDPR. Re. the security risks in this regard, reference is made to “Transfers to recipients outside the EU“.

We have activated the IP anonymization offered by Google on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area prior to use and further transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use the information collected through the use of cookies to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. Further information on the use of data by Google, setting and revocation options can be found on Google’s websites:

(Google Privacy Policy): https://policies.google.com/privacy?hl=de&gl=de

as well as under the terms of use (Terms): https://policies.google.com/terms?hl=de&gl=de, as well as under:

The IP address transmitted by your browser as part of GA4 is not merged with other Google data (see anonymization).

You can prevent the storage of cookies in your browser cache by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

In addition to the settings made for our site, you can also object to this data processing generated by the cookie for the browser you are using at any time with effect for the future by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Please note that the use of the browser plug-in is limited to the respective browser and also to the respective computer and may not be deactivated or deleted after installation in order to maintain the deactivation of Google Analytics. Google’s privacy policy can be viewed at http://www.google.com/intl/de/policies/privacy/.

Google Tag Manager
The Google “Tag Manager” service we use enables us to integrate and manage code snippets such as tracking codes or conversion pixels, which we configure via a web-based user interface. The service collects data on our website and forwards it to the Google Analytics 4 analysis service. The Tag Manager collects data on how individual tags are used. Nevertheless, the service communicates with the server of the provider Google and transfers data, in particular the IP address of the user.

The service is part of the Google Marketing Platform, more information can be found here: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy.

In this context, please also note the further information provided by the service provider Google on the use of GA4:

(Google Privacy Policy): https://policies.google.com/privacy?hl=de&gl=de

as well as under the terms of use (Terms): https://policies.google.com/terms?hl=de&gl=de, as well as under:

Use of social media services and own websites

Our website contains links to the social media services listed below. On the one hand, social media services can act like conventional marketing services towards non-members, but towards members they have the special feature that data collected via this website can be linked to the existing member account.

A basic distinction must be made between different services and functions of social media services. On the one hand, social media services offer to place user-customized advertising on their platforms or to display advertising on linked pages, taking their user profiles into account. In addition, they can be used via social plug-ins (e.g. Like-me or Share-me buttons) for the distribution and promotion of page content by users. In addition to this website, there may also be separate pages for our company presentation on the social media platform.

You can find us on the following platforms:

We have concluded the necessary data protection agreements with the respective service providers. The purpose and scope of data collection, further processing and use of the data by the social networks as well as your rights in this regard and setting options to protect your privacy can be found in the data protection notices of the respective social networks, which are described in detail below.

On the one hand, we link to the relevant pages on our website. We also offer the option of sharing our content in the aforementioned social media services in certain areas using share buttons. These are links to websites that are not protected under Art. 6 para. 1 lit. a GDPR are subject to consent. We use these linking options to improve the reach and visibility of the company and rely on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

LinkedIn
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) is used to network professionals and executives worldwide. Registered users can interact with each other to increase business and career opportunities. On our website you have the option of being forwarded directly to our LinkedIn profile.

Our LinkedIn profile:
When you visit our LinkedIn profile, you are on the LinkedIn platform. The evaluation data of the website provider is only made available to us in anonymized form (statistical values). The joint responsibility described above exists for the data processing required for this purpose.

Our legal basis for data processing here is the legitimate interest in counting the users of our LinkedIn profile, Art. 6 para. 1 lit. f GDPR. This relates to our interest in measuring and evaluating page effectiveness.

LinkedIn marketing services:
Through pixels and the link to our LinkedIn profile, LinkedIn collects data about the use of our site (browser and device settings, usage times and objects, existing identifiers). The purpose is to display user-customized advertising on the LinkedIn platform. The basis for this data transmission from our website is your consent given at the beginning of the first use of the site, Art. 6 para. 1 a GDPR.

Further information can be found in the privacy policy at: https://de.linkedin.com/legal/l/dpa? (you may need to select your preferred language setting at the bottom of the LinkedIn page in the footer area). The joint controller agreement and the respective responsibilities can be found at: https://legal.linkedin.com/pages-joint-controller-addendum.

Xing
XING (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany) is a social network that offers the creation of company pages in addition to private profiles. Company information (e.g. service descriptions, contact options, photos) can be documented on these pages. XING users have access to this information. You can also write your own posts and share content. The functions are carried out under the user’s own responsibility.

Our XING profile:
When you visit our XING profile, you are on the XING platform. The evaluation data of the website provider is only made available to us in anonymized form (statistical values). The joint responsibility described above exists for the data processing required for this purpose.

Our legal basis for data processing here is the legitimate interest in counting the users of our XING profile, Art. 6 para. 1 lit. f GDPR. This relates to our interest in measuring and evaluating page effectiveness.

Further information can be found in the privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung. The joint controller agreement and the respective responsibilities can be found at: https://www.xing.com/terms/onlyfy-one#h2-vereinbarung-zur-gemeinsamen-datenschutzrechtlichen-verantwortlichkeit.

Supplementary notes

Changes to security and data protection measures may result in an adjustment to this data protection notice. Please refer to the latest version on our website.

For questions of a general nature, please contact us(solutions@westernacher.com). If you have any questions about data protection, please contact us via the e-mail address: datenschutz@westernacher.com or our data protection officer(westernacher@krisp.services).