With the following privacy policy, we would like to inform you about the types of your personal data (hereinafter referred to as "data") we process, for what purposes, and to what extent. The privacy policy applies to all the processing of personal data carried out by us, both as part of the provision of our services and especially on our websites, in mobile applications, as well as within external online presences, such as our social media profiles (hereinafter collectively referred to as "online offering").
The terms used are not gender-specific.
As of: August 20, 2024
WP International Trade GmbH
Peter Hillig
Gartenstraße 63
01156 Dresden
info@wp-international-trade.de
Phone:+49 351 418 815 23
Imprint:https://en.wp-international-trade.de/Impressum.html
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the affected individuals.
Below you will find an overview of the legal bases of the GDPR, based on which we process personal data. Please note that in addition to the regulations of the GDPR, national data protection regulations may apply in your or our place of residence or business. If more specific legal bases are applicable in individual cases, we will inform you of this in the privacy policy.
In addition to the data protection regulations of the General Data Protection Regulation, national data protection regulations in Germany also apply. This includes, in particular, the Act on Protection against Misuse of Personal Data in Data Processing (Federal Data Protection Act – BDSG). The BDSG includes specific regulations on the right to access, the right to deletion, the right to object, the processing of special categories of personal data, processing for other purposes, and transmission, as well as automated individual decision-making, including profiling. Furthermore, it regulates data processing for employment purposes (§ 26 BDSG), particularly with regard to the establishment, execution, or termination of employment relationships, as well as the consent of employees. Additionally, state data protection laws of individual federal states may apply.
We take appropriate technical and organizational measures to ensure a level of protection appropriate to the risk, in accordance with legal requirements, taking into account the state of the art, the implementation costs, and the nature, scope, circumstances, and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons.
These measures include, in particular, securing the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access, input, transmission, availability, and separation of the data. Furthermore, we have established procedures to ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Additionally, we take into account the protection of personal data during the development or selection of hardware, software, and procedures in accordance with the principle of data protection through technology design and privacy-friendly default settings.
SSL Encryption (https): To protect your data transmitted via our online offer, we use SSL encryption. You can recognize such encrypted connections by the prefix https:// in your browser's address bar.
In the course of processing personal data, it may happen that the data is transmitted to other entities, companies, legally independent organizational units, or individuals, or that it is disclosed to them. Recipients of this data may include service providers tasked with IT-related tasks or providers of services and content that are integrated into a website. In such cases, we observe legal requirements and conclude appropriate contracts or agreements with the recipients of your data, in particular to protect your data.
Data transmission within the corporate group: We may transmit personal data to other companies within our corporate group or grant them access to such data. If this transmission occurs for administrative purposes, it is based on our legitimate business and economic interests or is necessary for the fulfillment of our contractual obligations, or when the data subjects have consented or legal permission exists.
Data transmission within the organization: We may transmit personal data to other entities within our organization or grant them access to such data. If this transmission occurs for administrative purposes, it is based on our legitimate business and economic interests or is necessary for the fulfillment of our contractual obligations, or when the data subjects have consented or legal permission exists.
If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if data processing occurs in the context of the use of services of third parties or the disclosure or transmission of data to other individuals, entities, or companies, this will only take place in accordance with legal requirements.
Subject to explicit consent or contractually or legally required transmission, we process or allow the processing of data only in third countries with a recognized level of data protection, contractual obligations through so-called standard contractual clauses of the EU Commission, existing certifications, or binding internal data protection regulations (Art. 44 to 49 GDPR, EU Commission information page: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_en).
The data we process will be deleted in accordance with legal requirements as soon as their consent, which allowed the processing, is revoked, or other permissions expire (e.g., if the purpose of processing this data ceases or it is no longer required for the purpose). If the data is not deleted because it is required for other legally permissible purposes, its processing will be restricted to these purposes. This means the data will be blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons, or whose storage is necessary for the assertion, exercise, or defense of legal claims or to protect the rights of another natural or legal person.
Within the framework of our privacy notices, we can provide users with additional information on the deletion and retention of data that applies specifically to the respective processing processes.
We process data from our contractual and business partners, such as customers and interested parties (collectively referred to as "contractual partners"), within the framework of contractual and comparable legal relationships, as well as related measures and communication with the contractual partners (or pre-contractually), e.g., to respond to inquiries.
We process this data to fulfill our contractual obligations. This includes, in particular, obligations to provide the agreed services, any update obligations, and remedies for warranty and other service disruptions. In addition, we process the data to safeguard our rights and for administrative tasks and corporate organization related to these obligations. Furthermore, we process the data based on our legitimate interests in proper and economically sound business management and in security measures to protect our contractual partners and our business operations from misuse, threats to their data, secrets, information, and rights (e.g., involving telecommunications, transport, and other assistance services, as well as subcontractors, banks, tax and legal advisors, payment service providers, or tax authorities). Within the scope of applicable law, we only disclose the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to fulfill legal obligations. Contractual partners will be informed about further forms of processing, e.g., for marketing purposes, within the framework of this privacy policy.
Which data is necessary for the aforementioned purposes is communicated to the contractual partners before or during data collection, e.g., in online forms, through special labeling (e.g., colors) or symbols (e.g., asterisks), or personally.
We delete the data after the expiration of legal warranty and comparable obligations, i.e., generally after 4 years, unless the data is stored in a customer account, e.g., as long as it must be retained for legal reasons. The statutory retention period for documents relevant to tax law and for commercial books, inventories, opening balances, annual financial statements, the working instructions necessary for understanding these documents, and other organizational documents and booking records is ten years, and for received and sent business letters and reproductions of business letters, it is six years. The period begins at the end of the calendar year in which the last entry was made in the book, the inventory was created, the opening balance or annual financial statement or management report was prepared, the business letter was received or sent, or the booking record was made, or the record or other documents were created.
As far as we use third-party providers or platforms to provide our services, the terms and privacy policies of the respective third-party providers or platforms apply to the relationship between users and the providers.
HubSpot CRM
We use the CRM system HubSpot from HubSpot, Inc., USA, to manage customer relationships, automate marketing processes, and analyze interactions with our customers. HubSpot allows us to store and process your data in a structured way to provide you with relevant information and efficiently handle your inquiries.
Types of data processed: Inventory data (e.g., name, address), contact data (e.g., email address, phone number), usage data (e.g., visited websites, access times), communication data (e.g., content of emails or contact requests).
Legal basis: The processing of your data is based on our legitimate interests (Art. 6 para. 1 sentence 1 lit. f GDPR) in efficient and secure handling of customer inquiries and optimizing our marketing measures. If consent is required, data processing is based on your consent (Art. 6 para. 1 sentence 1 lit. a GDPR).
Data transfer to third countries: Data may be processed by HubSpot on servers in the USA. To ensure the protection of your data, we have concluded EU standard contractual clauses with HubSpot, guaranteeing an adequate level of data protection.
Right to withdraw: You can object to the processing of your personal data by HubSpot at any time or withdraw a given consent. In such a case, your data will be deleted immediately, provided there are no legal retention obligations.
Further notes on processing procedures, methods, and services:
If we provide services in advance or enter into similar economic risks (e.g., purchasing on account), we reserve the right to obtain identity and credit information to assess the credit risk from specialized service providers (credit agencies) to safeguard our legitimate interests.
The information received from the credit agencies about the statistical probability of a payment default is processed by us as part of a proper discretionary decision regarding the establishment, execution, and termination of the contractual relationship. We reserve the right to refuse payment on account or other advances in the case of a negative credit check result.
The decision whether we provide services in advance is made in accordance with Art. 22 GDPR solely on the basis of an automated decision in the individual case, which our software makes based on the credit agency’s information.
If we obtain explicit consent from contractual partners, the legal basis for the credit check and the transmission of customer data to the credit agencies is consent. If no consent is obtained, the credit check is carried out based on our legitimate interests in the security of our payment claims.
Further notes on processing procedures, methods, and services:
To securely and efficiently provide our online services, we use the services of one or more web hosting providers, from whose servers (or servers they manage) the online offering can be accessed. For these purposes, we may utilize infrastructure and platform services, computing capacity, storage space, and database services, as well as security services and technical maintenance services.
The data processed in the context of providing the hosting services may include all information related to users of our online services that arises during use and communication. This regularly includes the IP address, which is necessary to deliver the contents of online services to browsers, and all entries made within our online services or on websites.
Further notes on processing procedures, methods, and services:
When contacting us (e.g., via contact form, email, phone, or social media) as well as in the context of existing user and business relationships, the information of the inquiring individuals is processed as far as necessary to respond to contact requests and any requested actions.
Responding to contact requests and managing contact and inquiry data in the context of contractual or pre-contractual relationships is carried out to fulfill our contractual obligations or to respond to (pre)contractual inquiries and, otherwise, based on legitimate interests in responding to inquiries and maintaining user or business relationships.
Further notes on processing procedures, methods, and services:
We use messengers for communication purposes and therefore ask you to note the following information about the functionality of the messengers, encryption, the use of communication metadata, and your options to object.
You can also contact us through alternative means, e.g., by phone or email. Please use the contact options provided to you or the contact options specified within our online services.
In the case of end-to-end encryption of content (i.e., the content of your message and attachments), we point out that the communication contents (i.e., the content of the message and attached images) are encrypted from end to end. This means that the content of the messages is not visible, not even to the messenger providers themselves. You should always use an up-to-date version of the messengers with activated encryption to ensure the encryption of message content.
We also inform our communication partners that although the providers of the messaging services cannot view the content, they can determine if and when communication partners are communicating with us, as well as gather technical information about the communication partners' devices and, depending on their device settings, location information (so-called metadata).
Legal Basis Notes: If we request permission from communication partners before communicating with them via messenger, the legal basis for processing their data is their consent. Otherwise, if we do not request consent and, for example, they contact us on their own initiative, we use messengers with our contractual partners and in the context of contract initiation as a contractual measure. For other interested parties and communication partners, we base the use of messengers on our legitimate interests in fast and efficient communication and meeting the needs of our communication partners. Furthermore, we inform you that we do not transmit the contact details provided to us to the messengers without your consent.
Revocation, Objection, and Deletion: You can withdraw any consent given at any time and object to communication with us via messenger at any time. In the case of communication via messenger, we delete messages according to our general deletion policies (e.g., as described above, after the end of contractual relationships, in the context of archiving requirements, etc.) and otherwise as soon as we assume that any inquiries from communication partners have been answered, provided there is no expectation of a reference to a previous conversation and no legal retention obligations stand in the way of deletion.
Reservation of Reference to Other Communication Channels: Finally, we would like to point out that for security reasons, we reserve the right not to respond to requests via messenger. This is the case if, for example, contract details require special confidentiality or a response via messenger does not meet formal requirements. In such cases, we will refer you to more appropriate communication channels.
Further Notes on Processing Procedures, Processes, and Services:
We use platforms and applications from other providers (hereinafter referred to as "conference platforms") for the purpose of conducting video and audio conferences, webinars, and other types of video and audio meetings (hereinafter collectively referred to as "conferences"). When selecting conference platforms and their services, we comply with legal requirements.
Data Processed by Conference Platforms: In the context of participating in a conference, the conference platforms process the personal data of participants as mentioned below. The extent of processing depends on the data required for a specific conference (e.g., providing access credentials or real names) and any optional information provided by the participants. Besides processing for conducting the conference, participant data may also be processed by the conference platforms for security purposes or service optimization. Processed data includes personal data (first name, last name), contact information (email address, phone number), access credentials (access codes or passwords), profile pictures, details about professional positions/functions, the IP address of the internet connection, details about participants' devices, their operating system, browser and its technical and language settings, information on content-related communication processes, i.e., entries in chats, as well as audio and video data, and the use of other available functions (e.g., surveys). Communication content is encrypted to the extent technically provided by the conference providers. If participants are registered users with the conference platforms, additional data may be processed according to the agreement with the respective conference provider.
Logging and Recordings: If text entries, participation results (e.g., from surveys), or video or audio recordings are logged, this will be transparently communicated to the participants in advance, and they will be asked for consent if necessary.
Participants' Privacy Measures: Please refer to the privacy notices of the conference platforms for details on how your data is processed, and select the optimal security and privacy settings in the settings of the conference platforms. Furthermore, ensure data and personal protection during a video conference by managing the background of your recording (e.g., by informing housemates, locking doors, and using, where technically possible, the background blurring function). Links to conference rooms and access credentials must not be shared with unauthorized third parties.
Notes on Legal Basis: If, in addition to the conference platforms, we also process user data and request users' consent for the use of conference platforms or specific functions (e.g., consent for recording conferences), the legal basis for processing is this consent. Additionally, our processing may be necessary for fulfilling our contractual obligations (e.g., in participant lists, in the context of processing conversation results, etc.). Otherwise, user data is processed based on our legitimate interests in efficient and secure communication with our communication partners.
Further Notes on Processing Procedures, Processes, and Services:
We use software services accessible via the internet and executed on the servers of their providers (so-called "Cloud Services," also referred to as "Software as a Service") for the following purposes: document storage and management, calendar management, email sending, spreadsheets and presentations, exchanging documents, content and information with specific recipients or publishing websites, forms or other content and information, as well as chats and participation in audio and video conferences.
In this context, personal data may be processed and stored on the providers' servers if it is part of communication processes with us or otherwise processed by us as described in this privacy policy. Such data may particularly include master data and contact data of users, data on processes, contracts, other processes, and their contents. Cloud service providers also process usage data and metadata, which they use for security purposes and service optimization.
If we use cloud services to provide forms or other documents and content for other users or publicly accessible websites, the providers may store cookies on users' devices for web analysis purposes or to remember user settings (e.g., in the case of media control).
Further Notes on Processing Procedures, Processes, and Services:
We send newsletters, emails, and other electronic notifications (hereinafter "Newsletters") only with the consent of the recipients or where legally permissible. If, as part of a newsletter subscription, the content is specifically described, it is relevant for the consent of the users. Otherwise, our newsletters contain information about our services and us.
To subscribe to our newsletters, it is generally sufficient to provide your email address. However, we may ask you to provide a name for personal addressing in the newsletter or additional information if it is necessary for the purposes of the newsletter.
Double Opt-In Procedure: Subscription to our newsletter follows a double opt-in procedure. This means that after registering, you will receive an email requesting confirmation of your subscription. This confirmation is necessary to prevent unauthorized use of email addresses. Newsletter subscriptions are logged to ensure the registration process is in compliance with legal requirements. This includes storing the time of registration and confirmation, as well as the IP address. Changes to your data stored with the mailing service provider are also logged.
Deletion and Restriction of Data Processing: We may retain unsubscribed email addresses for up to three years based on our legitimate interests to provide evidence of previously given consent. The processing of this data will be limited to the purpose of potential defense against claims. An individual deletion request is possible at any time, provided the previous existence of consent is confirmed. In the event of obligations to permanently observe objections, we reserve the right to store the email address solely for this purpose in a blocklist (commonly referred to as a "blocklist").
Logging the registration process is based on our legitimate interests to demonstrate its proper execution. If we engage a service provider for email delivery, this is done based on our legitimate interest in an efficient and secure mailing system.
Content:Information about us, our services, promotions, and offers.
Further Information on Processing Procedures, Methods, and Services:
We maintain online presences within social networks and process user data in this context to communicate with users active there or to offer information about us.
Please note that user data may be processed outside the European Union. This can result in risks for users, as it may be difficult for them to exercise their rights.
Furthermore, user data is generally processed for market research and advertising purposes within social networks. For example, usage profiles may be created based on user behavior and their resulting interests. These usage profiles can in turn be used to display advertisements within and outside the networks that presumably match the interests of users. For these purposes, cookies are usually stored on users' devices in which their usage behavior and interests are stored. Additionally, data can also be stored in usage profiles regardless of the devices used by users (especially if the users are members of the respective platforms and logged in).
For a detailed description of the respective forms of processing and the opt-out options, we refer to the privacy policies and information of the operators of the respective networks.
Even in the case of information requests and the assertion of user rights, we point out that these can be most effectively addressed to the providers. Only the providers have access to the users' data and can take appropriate measures and provide information. If you still need assistance, you can contact us.
Further Information on Processing Procedures, Methods, and Services:
We integrate function and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may include graphics, videos, or maps (hereinafter uniformly referred to as "content").
The integration always requires that the third-party providers of this content process the IP address of the users, as without the IP address they could not send the content to their browser. The IP address is therefore necessary for the display of this content or functions. We strive to use only such content whose respective providers use the IP address solely for the delivery of the content. Third-party providers may also use so-called pixel tags (invisible graphics, also referred to as "web beacons") for statistical or marketing purposes. Through the "pixel tags," information such as visitor traffic on the pages of this website can be evaluated. The pseudonymous information may also be stored in cookies on the users' devices and may include, among other things, technical information about the browser and operating system, referring websites, visit times, as well as other details regarding the use of our online offering, and may also be combined with such information from other sources.
Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics uses so-called "cookies", text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.
IP Anonymization: We have activated IP anonymization on this website. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator.
Processed Data Types: Usage data (e.g., visited websites, access times), meta/communication data (e.g., device information, IP addresses).
Legal Basis: The data processing is based on your consent (Art. 6 Para. 1 S. 1 lit. a GDPR).
Objection to Data Collection: You can prevent the storage of cookies by adjusting your browser software accordingly; however, we would like to point out that in this case, you may not be able to fully use all the functions of this website. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.
Further Information: Further information on the terms of use and data protection can be found at https://www.google.com/analytics/terms/en.html or https://policies.google.com/?hl=en.
Further information on processing operations, procedures, and services:
We kindly ask you to regularly review the content of our privacy policy. We will adjust the privacy policy as soon as changes in our data processing make this necessary. We will notify you if the changes require your cooperation (e.g., consent) or any other individual notification.
If we provide addresses and contact information of companies and organizations in this privacy policy, please note that the addresses may change over time, and we ask you to verify the information before contacting them.
As a data subject under the GDPR, you have various rights, which arise in particular from Art. 15 to 21 GDPR:
This section provides an overview of the terminology used in this privacy policy. Many of the terms are taken from the law and defined mainly in Art. 4 GDPR. The legal definitions are binding. The following explanations are primarily intended to aid understanding. The terms are listed alphabetically.