Data Privacy Statement

About data protection for customers
About data protection for suppliers


We at BWT water+more Deutschland GmbH are delighted that you are visiting our website. We take the protection of your data and privacy extremely seriously. Your personal data will always be processed in accordance and compliance with the EU General Data Protection Regulation (GDPR). This data privacy statement sets out the nature, extent and purpose of the personal data we process and explains what rights you have over them.


1 General


The Data Privacy Statement of BWT water+more Deutschland GmbH is based on the terminology used in the GDPR.

“Personal data” means all information that relates to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. “Non-personal data” are anonymised details that cannot be traced back to data subjects under any circumstances. Non-personal data are not therefore subject to data protection regulations.

“Data subject” means any identified or identifiable natural person whose personal data are processed by the controller.

“Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Third party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

“Consent” means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.


2 Name and address of the controller


BWT water+more Deutschland GmbH
Konrad-Adenauer-Ring 13
65187 Wiesbaden
Tel. +49 611 58019-0
Fax +49 611 58019-22
email info (at) water-and-more [punkt] de

The representatives of the controller are the managing directors, Dr. Frank Neuhausen and Dragan Dekic.


3 Data protection officer


You can contact our data protection officer using the email address datenschutz (at) water-and-more [punkt] de or by sending a letter to our postal address marked for the attention of “der Datenschutzbeauftragte” [data protection officer].


4 Processing of personal data


4.1 Visiting our website


4.1.1 Description and extent of the data processing

When you visit our website, for technical reasons your browser transmits the following data (known as server log files) to our server:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Operating system and its access status / HTTP status code
  • Data quantity transmitted
  • Website from which the request is made (referrer URL)
  • Browser, language and version of the browser software


4.1.2 Purpose of data processing

These data have to be stored in log files in order to make the website accessible.


4.1.3 Legal basis for the processing

We collect these data on the basis of our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in presenting our website and guaranteeing its security.


4.1.4 Duration of storage

For security reasons (e.g. in order to identify any instances of fraud or abuse), information in the log files will be stored for seven days and then erased. Data whose further retention is required for evidential purposes are excluded from erasure until the relevant matter has been finally resolved.


4.1.5 Right to object and right of removal

The recording of data for the provision of the website and their storage in log files are essential for operation for technical reasons. Users do not therefore have any right to object.


4.2 Web analysis


4.2.1 Description, extent and purpose of the data processing, duration of storage

Webalizer and AWStats
The provider of this website uses the web analysis tools Webalizer and AWStats.

These products are what are known as web analysis services that collect, collate and analyse data concerning the behaviour of users of websites. A web analysis service records data on, among other things, the web page from which a data subject accessed the website (the referrer), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed.

The user data collected in this way for analytical purposes are anonymised by technical measures. These make it impossible to attribute the data to the user accessing the site. The data are not stored together with other personal data of users.

Both services store the data they process without any limitation in time. They do not use cookies, and they process only the data of the access log. IP addresses are partially anonymised before being saved in the access log, so they lack the characteristic of reference to a particular person.


4.2.2 Purpose of data processing

These services are used in order to analyse the use of web pages so that the website and its navigation can be improved. The analysis allows information to be obtained on how the particular website is used so that what it offers can be constantly optimised.

These purposes also constitute a legitimate interest of the website operator in the processing of personal data in accordance with Art. 6 (1) (f) GDPR.


5 Data security


In accordance with Art. 32 GDPR, we implement appropriate technical, contractual and organisational measures to ensure a level of security appropriate to the risk, taking into account the state of the art, and to protect the data we process from destruction, loss, alteration and unauthorised access. These security measures also include the encrypted transmission of data between your browser and our servers. Please note that SSL encryption for transmissions executed over the internet is only enabled if the padlock symbol is shown in the lower menu bar of your browser window and the address begins with https://. SSL (Secure Socket Layer) uses encryption technology to protect the data transmission from illegal access by third parties. Should this option not be available, you can also decide not to send certain data over the internet.

All information that you send us will be stored on our servers in the European Union.


6 Cooperation with commissioned processors and third parties


Data will only be forwarded to third parties on the basis of statutory consent. We will only forward the data of users to third parties if this is required for contractual purposes on the basis of Art. 6 (1) (b) GDPR, for instance, or on the basis of a legitimate interest pursuant to Art. 6 (1) (f) GDPR in the effective and economic operation of our business.

We use subcontractors for the performance of our services, in particular the operation, maintenance and hosting of the online presence and of IT systems. This is done in compliance with the regulations on commissioned data processing set out in Art. 28 GDPR. We have taken appropriate legal precautions and implemented the corresponding technical and organisational measures to ensure the protection of personal data in accordance with the pertinent statutory provisions.


7 Your rights


If we process your personal data, you are a data subject within the meaning of the GDPR and you have the following rights over the personal data concerning you that we hold:

  • Right to access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR)


8 Changes to the Data Privacy Statement


We reserve the right to amend the Data Privacy Statement in response to changes in legislation or in the event of changes to the service and the data processing. However, this applies only in respect of declarations on data processing. If the consent of users is required, or if parts of the Data Privacy Statement contain clauses of contractual relationships with users, the changes will only be made with the consent of users.

Please check our Data Privacy Policy regularly.

 

go up