Privacy Policy

Data protection is of particular importance for WELLFLEX GMBH. It is generally possible to use the Internet pages of WELLFLEX GMBH without supplying any personal information. If a data subject wishes to make use of specific services of our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject. To carefully protect your privacy and to ensure that your data is handled with complete confidentiality, we would like to provide you with some remarks and information below.

Scope of application:

This Privacy Policy is intended for users of this website in accordance with the General Data Protection Regulation (GDPR, https://eu-datenschutz.org/), Federal Data Protection Act-new (BDSG-neu, https://dsgvo-gesetz.de/bdsg-neu/) and Telemedia Act (TMG, https://www.gesetze-im-Internet.de/tmg/BJNR017910007.html) about the type, scope and purpose of the collection and use of personal data by the website operator.

We only collect, process and use personal data insofar as you have given your consent or it is permitted by law.

The processing of personal data, such as the name, address, email address or telephone number of a data subject, is always carried out in accordance with the Basic Data Protection Regulation and in accordance with the applicable WELLFLEX GMBH country-specific data protection regulations.

WELLFLEX GMBH has implemented numerous technical and organisational measures as the group responsible for the processing of personal data in order to ensure that all personal data processed via this website is protected as completely as possible. Nevertheless, Internet-based data transmissions can always have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other data protection regulations:

WELLFLEX GMBH
Erasmusstraße 3
28217 Bremen
Germany

Telephone: +49 (0)421 439315
E-mail: datenschutz(at)wellflex.de
Website: www.wellflex.de

The WELLFLEX GMBH’s Privacy Policy is based on the terms used in the General Data Protection Regulation (GDPR) by the European legislator for directives and regulations. Our Privacy Policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

We use the following terms in this Privacy Policy:

a) Personal data
Personal data is all information that relates to an identified or identifiable natural person (data subject). A natural person is regarded as identifiable who can be identified, directly or indirectly, in particular by means of assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special features that express the physical, physiological, genetic, psychological, economic, cultural or social identity of this natural person.

b) Data subject
The data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing
Processing is any process carried out with or without the help of automated procedures or any such series of processes in connection with personal data such as the collection, recording, organization, ordering, storage, adaptation or change, reading, querying, use, disclosure through transmission, distribution or any other form of provision, comparison or linking, restriction, deletion or destruction.

d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting their future processing.

e) Profiling
Profiling is any type of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyse or predict aspects relating to work performance, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or relocation of this natural person. As a responsible company, we do not use automatic decision-making or profiling.

f) Pseudonymization
Pseudonymization is the processing of personal data in a way in which the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is stored separately and is subject to technical and organizational measures that ensure that the personal data cannot be assigned to an identified or identifiable natural person.

g) Controller or data controller
Controller or processor is the natural or legal person, authority, institution or other body that alone or jointly with others decides on the purposes and means of processing personal data. If the purposes and means of this processing are specified by Union law or the law of the Member States, the data controller or the specific criteria for their appointment can be provided for in accordance with Union law or the law of the Member States.

h) Processor
Processor is a natural or legal person, authority, institution or other body that processes personal data on behalf of the data controller.

i) Recipient
Recipient is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. However, authorities that may receive personal data as part of a specific investigation under Union law or the law of the Member States are not considered recipients.

j) Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, the data controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the data controller or the processor.

k) Third countries
Countries outside the European Union (EU).

l) Services
Our offers to which this Privacy Policy applies (see scope of application).

m) Tracking and tracking technologies
The collection of data and its evaluation with regard to the behaviour of visitors to our services. Tracking can take place both via the activity logs (log files) stored on our web servers and by collecting data from your device using pixels, cookies and similar tracking technologies.

n) Pixels
Pixels are also referred to as counting pixels, tracking pixels, web beacons or web bugs. They are small, invisible graphics in HTML emails or on websites. When a document is opened, this small image is loaded from a server on the Internet, and the download is registered there. In this way, the operator of the server can see whether and when an email was opened, or a website was visited. This function is usually implemented by calling up a small program (Javascript). In this way, certain types of information can be recognized and transferred on your computer system, such as the content of cookies, the time and date of the page view and a description of the page on which the tracking pixel is located.

o) Consent
Consent is any declaration of intent voluntarily given by the data subject in an informed manner and unequivocally in the form of a declaration or other unequivocal affirmative action with which the data subject indicates that they consent to the processing of their personal data.

This Privacy Policy provides you, as a user of our website, with all the necessary information about how, to what extent and for what purpose we or third-party suppliers collect data from you and use it. The protection of your personal data is of particular concern to us. We, therefore, process your data exclusively on the basis of the statutory provisions (GDPR, BDSG-neu, ePrivacy Directive (Data Protection Directive for Electronic Communication), Telemedia Act (TMG), Telecommunications Act (TKG)).

The data processing is also carried out on the basis of the legal provisions of Section 147 AO (Tax Code) (storage due to tax documentation obligations), Art 6 para. 1 lit. a (consent) and/or lit. b (necessary to fulfil the contract) of the GDPR.

In addition, we will only disclose this data to third parties with your express consent. We use SSL encryption to ensure a high level of security for particularly confidential data, such as for payment transactions or with regard to your enquiries to us.

The server on which our website is hosted is located in a data centre in the European Union and is operated by a German company. We have concluded an order data processing contract with the hosting provider that meets the requirements of Art. 28 et seq. GDPR and Art. 29 GDPR.

We would like to point out the general dangers of Internet use, over which we have no influence. In particular, any data sent by email is not secure unless further precautions are implemented, and it can, in some instances, be acquired by third parties. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

You can obtain information about the personal data we have stored about you, as well as about the origin, the recipient and the purpose of data collection and data processing, at any time. You also have the right to request the correction, blocking or deletion of your data. This does not include data that must be kept due to legal provisions or is required for the orderly settlement of business transactions.

For all questions and concerns regarding the rectification, blocking or erasure of personal data, please contact our data protection officer using the contact details in this Privacy Policy or at the address stated in the imprint.

In the following, we will inform you about the most important aspects of data processing on our website.

3.1 Principles of data processing
Art. 5 para. 1 GDPR lists the principles that apply to all data processing:

  • Lawfulness of the processing (cf. Art. 6 GDPR): Data may only be processed if a statutory provision or valid consent exists.
  • Processing in good faith
  • Transparency (cf. Art. 12 et seq. GDPR): Data subjects should also be able to exercise their basic right. To do this, they particularly require information about the stored data.
  • Earmarking: The purposes of the data processing must always be defined when the data is collected.
  • Data minimization: In particular, data must be limited to what is necessary for the purposes of processing.
  • Correctness of the data processing (see Art. 16, 17 GDPR)
  • Storage limitation (see Art. 17 GDPR, “Right to be forgotten”)
  • Integrity and confidentiality (see Art. 32 GDPR): Data security

3.2 Collection/storage of general information
When you access our website, information of a general nature is automatically recorded. This information contains e. g. your IP address, the type of browser, the operating system used, the name of your Internet service provider and similar information. It is exclusively information that cannot be connected to you as an individual. This information is produced automatically during Internet use and is required for technical reasons so that the requested web content can be correctly displayed.

3.3 Scope of the processing of personal data
Following the principles of data avoidance and data economy, we collect personal data only to the extent that and as long as it is necessary for the use of our website or is required by law We collect and utilize your personal data only insofar as this is necessary to provide an operating site, our content, and our services.

Our website can be used without disclosing personal data.

We take the protection of your personal data seriously and comply strictly with the relevant legal regulations and with this Privacy Policy when collecting and processing personal data. If the purpose for the data collection ceases to be valid or if the end of the statutory retention period has been reached, the collected data will be blocked or deleted.

When we collect personal data—such as your name, address or email address—this data collection is voluntary. We regularly collect and use your personal data, but only with your consent. An exception applies in cases where circumstances prevent us from obtaining prior consent and the processing of the data is permitted by law.

3.4 Legal basis for processing personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for its processing.

When processing personal data that is necessary to fulfil an agreement to which the data subject is a party, Art. 6 para. 1 lit. b GDPR is the legal basis. This also applies to processing operations that are necessary for carrying out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR is the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or of a third party and if the interests, fundamental rights, and freedoms of the person concerned do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR is the legal basis for the processing. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not take priority. We are allowed to carry out such processing procedures because they have been specifically mentioned by the European legislator. In this respect, a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, clause 2, GDPR).

3.4.1 Types of data processed
We process

  • Inventory data (e.g. names, addresses).
  • Contact data (e.g., email address, phone numbers).
  • Content data (e.g. text input, photographs, videos).
  • Usage data (e.g., websites visited, interest in content, access times).
  • Meta/communication data (e.g. device information, IP addresses).

3.4.2 Business-related data processing
We also process

  • Contract data (e.g. subject matter of the contract, term, customer category).
  • Payment data (e.g., bank details, payment history)
    from our customers, prospects and business partners for the purpose of providing contractual services, service and customer care, marketing, advertising and market research.

3.4.3 Purpose of data processing
Some of the data is collected to ensure that the website is error-free and secure. Other data can be used to analyse how visitors use the site. We process your information for:

  • Provision of the website, its functions and contents
  • Response to contact requests and communication with users
  • Security measures
  • Range measurement/marketing.

3.5 Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision
We inform you that the provision of personal data is partly required by law (e.g., tax regulations) or may also result from contractual regulations (e.g., information on the contractual partner). In order for a contract to be concluded, it may sometimes be necessary for the data subject to provide us with personal data that we will then have to process. For example, the data subject is obligated to provide us with personal data when our company concludes a contract with them. Failure to provide personal data would mean the contract with the data subject could not be concluded. Before the data subject provides personal data, the data subject must contact our data protection team. Our data protection officer will inform the data subject on a case-by-case basis whether the provision of personal data is required by law or contract or is required for the conclusion of the contract, whether an obligation exists to provide the personal data, and about the consequences of failing to provide the personal data.

3.6 Data erasure and storage duration
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. In addition, the data may be stored if this has been provided for by the European or national legislators in EU regulations, laws, or other provisions to which the data controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned regulations has elapsed unless further storage of the data is necessary for the conclusion or fulfilment of a contract.

3.7 Transmission to government authorities
We transmit personal data to state authorities (including law enforcement authorities) if this is necessary to fulfil a legal obligation to which we are subject. The legal basis is Art. 6 para. 1 c GDPR or according to Art. 6 para. 1 f GDPR, if it is necessary to assert, exercise or defend legal claims.

3.8 Transfer to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or data disclosure or transfer to third parties, this will only take place to fulfil our (pre)contractual obligations, based on your consent, based on a legal obligation, or based on our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the particular requirements of Article 44 et seq. GDPR are met. This means data will be processed on the basis of, for example, special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (for example, through “Privacy Shield” for the USA) or compliance with officially recognised special contractual obligations (standard contractual clauses).

3.9 Handling of contact details
If you contact the website operator using the contact options offered (email or contact form), your details will be saved so that they can only be used to process and answer your specific request. All details will be treated confidentially. This data will not be passed on to third parties without your consent.

The legal basis for such processing is Art. 6 para. 1 lit. b GDPR.

Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.

3.10 Handling of customer data
As soon as you have ordered/bought a product/service from WELLFLEX GMBH, we save your data for order processing in accordance with the legal requirements of the GDPR, the BDSG-neu, the HGB (German Commercial Code) and the AO (Tax Act). In this case, we also use your data within the framework of the statutory provisions, in order to send you advertisements for other products/services. Of course, you can object to such advertising use of your customer data at any time by phone, email or letter.

3.11 Hosting and email dispatch
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email delivery, security services and technical maintenance services that we use for the purpose of operating this online offering.

In this regard, either we or our hosting provider process the inventory data, contact data, content data, contract data, usage data, as well as the meta and communication data of customers, interested parties and visitors of this online offering based on our legitimate interests in the efficient and secure provision of this website, in accordance with Art. 6 para. 1 lit. f GDPR and Article 28 GDPR (conclusion of order processing agreement).

3.12 Children
WELLFLEX GMBH advises all parents and guardians to instruct their children in the safe and responsible handling of personal data on the Internet. Without the consent of their parents or guardian, children should not send any personal data to WELLFLEX GMBH. WELLFLEX GMBH assures that it will not knowingly collect personal data from children, use it in any way or disclose it to third parties without authorization.

3.13 SSL or TLS encryption
For security reasons, our website uses SSL or TLS encryption when it comes to the transmission of confidential or personal content from our users, such as orders or inquiries. This encryption is activated, for example, when processing payment transactions and for inquiries that you send to us via our website. Please make sure that SSL encryption is enabled on your device when engaged in relevant activities. It is easy to tell whether encryption is enabled: the display on your browser line will change from “http://” to “https://”. Data encrypted via SSL or TLS cannot be read by third parties. Only transmit your confidential information if SSL or TLS encryption is activated; if in doubt, please contact us.

3.14 Provision of chargeable services
If you wish to use the paid services offered on our website, we may need to collect additional data from you for billing purposes and for security reasons. This generally includes your name, a valid email address and, if applicable, your address and telephone number as well as further information, depending on the individual case, such as payment details. It may also include content that allows us to verify the information provided, such as to check that you own the email address provided. For legal reasons, we must ensure that you actually wish to receive the services offered and that we can properly invoice you for the service. We secure your data during payment transactions using the SSL encryption standard, identifiable in the browser line “https://”.

3.15 Contract processing
The data you submit when ordering goods and/or services from us will have to be processed in order to fulfil your order. Please note that orders cannot be processed without providing this data.

The legal basis for processing is your consent under Art. 6 para. 1 lit. b GDPR.
After your order has been completed, your personal data will be deleted, but only after the retention periods required by tax and commercial law.

In order to process your order, we will share your data with the shipping company responsible for delivery to the extent required to deliver your order and/or with the payment service provider to the extent required to process your payment. The legal basis for the transfer of such data is Art. 6 para. 1 lit. b GDPR.

3.15.1 Contractual services
We process the data of our contractual partners and interested parties as well as other clients, customers, clients or contractual partners in accordance with Art. 6 para. 1 lit. b. GDPR to provide our contractual or pre-contractual services to them. The data processed here, the type, scope and purpose and the necessity of its processing, is determined by the underlying contractual relationship.

The data processed includes the master data of our contractual partners (e.g. names and addresses), contact data (e.g. email addresses and telephone numbers) as well as contract data (e.g. services used, contract contents, contractual communication, names of contact persons) and payment data (e.g. bank details, payment history).
We do not process special categories of personal data unless they are part of commissioned or contractual processing.

We process data that is necessary to justify and fulfil the contractual services and point out the necessity of its disclosure unless this is evident for the contractual partners. It is only disclosed to external persons or companies if it is required within the framework of a contract. When processing the data provided to us within the framework of an order, we act in accordance with the instructions of the client as well as with the legal requirements.

When our online services are used, we may store the IP address and the time of the user action in question. The data is stored on the basis of our legitimate interests as well as the user’s interests regarding protection against misuse and other unauthorised use. In principle, this data is not passed on to third parties unless it is necessary for the pursuit of our claims according to Art. 6 para. 1 lit. f. GDPR there is a legal obligation to do so in accordance with the GDPR pursuant to Art. 6 para. 1 lit. c GDPR.

The data will be deleted if the data is no longer required for the fulfilment of contractual or statutory duties of care or for the handling of any warranty or comparable obligations, whereby the necessity of storing the data is checked every three years; in all other respects, the statutory storage obligations apply.

3.16 Checking creditworthiness and scoring
Insofar as we give you the basic option of paying by invoice as part of our range of goods or services and you make use thereof, we reserve the right to run a credit check with a credit agency (such as Creditreform, Schufa, Bürgel or infoscore) on the basis of mathematical-statistical procedures. For this purpose, your data, insofar as it is relevant to the contract, such as your name and address, will be forwarded to the credit agency. We then use the information obtained about the statistical probability of default to decide whether we will offer you payment on account.

The legal basis for such processing is our legitimate interest to avoid default on our claim according to Art. 6 para.1 lit. f GDPR.

3.17 Objection to advertising emails
As part of the legal imprint obligation, we must publish our contact details. These may not be used by third parties to send unwanted advertising or other information. We hereby object to the sending of advertising material of any kind not expressly authorized by us. We also expressly reserve the right to take legal action against the unwanted and unsolicited sending of advertising material. This applies in particular to so-called spam emails, spam letters, and spam faxes. We would like to point out that the unauthorized transmission of advertising material may be in breach of competition law, civil law, and criminal law. Spam emails and spam faxes, in particular, can lead to high claims for damages if they disrupt business operations due to overcrowding of inboxes or fax machines.

3.18 Collection of access data and log files
We, or our hosting provider, on the basis of our legitimate interests within the meaning of Art. 6 para. 1 lit. f GDPR collect data regarding each access to the server on which this service is located (known as server log files). Access data includes the name of the requested website, file, date and time of access, amount of data transferred, report whether the site was successfully accessed, browser type and version, the user’s operating system, the referrer URL (the site visited before coming to our site), the user’s IP address, and the requesting Internet service provider.

Logfile information is stored for a maximum of seven days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data which must be retained as potential evidence is not deleted until the relevant incident has been ultimately clarified.

3.19 Server data
For technical reasons, the data sent by your Internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website. These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site. The data thus collected will be temporarily stored, but not in association with any other of your data.

The basis for this storage is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.

The data will be deleted within no more than seven days unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.

3.20 Google content delivery network (ajax.googleapis.com)
This website uses Ajax and jQuery or jQueryUI technologies, as do many pages on the Internet, including the jQuery Javascript library for displaying content in order to increase or optimize the loading speed of our website and thus provide you with a better user experience, we use the CDN (content delivery network) ajax.googleapis.com from Google to load these libraries. There is a very good chance that you have already used jQuery on another page from the Google CDN. In that case, your browser can access the copy stored in the cache and it does not have to be downloaded again. If your browser has not saved a copy in the cache or is downloading the file from the Google CDN for another reason, data will, in turn, be transferred from your browser to Google Inc., possibly to the USA. Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European data protection law https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0&status=Active. You can find out more at https://developers.google.com/speed/libraries/#jquer and under the data protection provisions of google.de at https://policies.google.com/privacy?hl=de&gl=de.The use is based on our legitimate interests, i.e. interest in a secure and efficient provision, analysis and optimisation of our online services in accordance with Art. 6 para. 1 lit. f GDPR.

3.21 Administration, financial accounting, office organization, contact management
We process data in the context of administrative tasks as well as the organization of our operations, financial accounting and compliance with legal obligations, such as archiving. In this regard, we process the same data that we process in the course of providing our contractual services. The bases of processing are art. 6 para. 1 lit. c. GDPR, Art. 6 para. 1 lit. f GDPR. Customers, prospective customers, business partners and website visitors are affected by the processing. The purpose of and our interest in the processing lies in administration, financial accounting, office organisation, archiving of data, namely, tasks that serve the maintenance of our business activities, performance of our tasks and provision of our services. The deletion of data with regard to contractual services and contractual communication corresponds to the tasks specified in these processing activities.

In this regard, we disclose or transmit data to tax authorities, consultants, such as tax consultants or auditors, as well as other fee offices and payment service providers.
Furthermore, we store information regarding suppliers, event organisers and other business partners on the basis of our business interests, e.g. for the purpose of making contact at a later date. In principle, we store this data, which is mainly company-related, permanently.

3.22 Business analyses and market research
In order to operate our business economically, to be able to recognise market tendencies, wishes of the contracting parties and users, we analyse the data available to us of business processes, contracts, enquiries, etc. We process inventory data, communication data, contract data, payment data, usage data, metadata on the basis of art. 6 para. 1 lit. f GDPR, whereby the data subjects include contractual partners, interested parties, customers, visitors and users of our online offer.

The analyses are carried out for the purpose of business evaluations, marketing and market research. We can include the profiles of registered users with information, e.g. on the services they have used. The analyses help us to improve user-friendliness, the optimisation of our offer and our competitiveness. The analyses serve us alone and are not disclosed externally unless they are anonymous analyses with summarized values.

If these analyses or profiles are personal, they will be deleted or made anonymous upon user termination, otherwise after two years from the conclusion of the contract. Macroeconomic analyses and general trend determinations are also prepared anonymously wherever possible.

3.23 Links to other websites
Our website contains links to other websites. If you use these external links, this Privacy Policy does not apply to these links. Insofar as we offer links, we assure you that no violations of applicable law were recognizable on the linked websites at the time the link was set. However, we do not have any influence on whether their operators observe the data protection provisions.

Therefore, please make your own enquiries about the privacy policies which apply to the web pages of the other operators.

3.24 Disclosure of personal data
We will not pass on personal data without your express consent unless legal permission exists, e.g. if we are legally obligated to surrender data (information to law enforcement authorities and courts; information to public bodies that receive data due to legal regulations, e.g. social security agencies, tax authorities, etc.) or if we involve third parties who are obliged to maintain professional secrecy to enforce our claims.

3.25 Data security
We secure our website and other systems using technical and organisational measures against loss, destruction, access, modification or processing of your data by unauthorised persons. However, despite regular checks, complete protection against all risks is not possible.
The website employs the industry-standard SSL (Secure Sockets Layer) encryption. Your personal information on the Internet is thereby safeguarded.

Server log files contain anonymous data that are collected when you access our website. This information cannot be traced in any way to you as an individual, but is, for technical reasons, necessary for the delivery and presentation of our content. It also helps with our statistics and with the continuous optimization of our content. Typical log files include the date and time of access, the volume of data, the browser used and the browser version, the operating system used, the domain name of the provider you use, the page from which you visited our website (referrer URL) and your IP address. Log files also enable precise checks in the event of suspected illegal use of our website.

4.1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:
(1) Information about the browser type and the version used
(2) The user’s operating system
(3) The user’s Internet service provider
(4) The user’s IP address
(5) Date and time of access
(6) Websites from which the user’s system reached our website
(7) Websites that are accessed by the user’s system via our website

The data is also stored in the log files of our system. Not affected by this are the user’s IP addresses or other data that enables the assignment of the data to a user. This data is not stored together with any other personal data pertaining to the user.

4.2 Legal basis for data processing
The legal basis for the temporary storage of the data is Art. 6 para. 1 lit. f GDPR.

4.3 Purpose of Data Processing
Temporary storage of IP address by the system is necessary to enable the delivery of the website to the user’s computer. To this end, the IP address of the user must be stored for the duration of the session.

These purposes also encompass our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

4.4. Duration of storage
The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. In the case the data was collected in order to provide the website, it will be deleted once your session on our site ends.

4.5 Objection and deletion possibility
The collection of data for the provision of the website and storage of data in log files is absolutely necessary for the operation of the website. Consequently, you have no option to object to its collection.

If you contact us using the form on the website or by email, the data you provide will be stored by us for six months for the purpose of processing the enquiry and in the case of follow-up questions. We do not share this data without your permission.

5.1 Description and scope of data processing
A contact form is available on our website that can be used to contact us electronically. If users accept this option, the data entered in the input screen will be transmitted to us and stored.

This data comprises:
What data do you collect? e.g.:
(1) Last name
(2) First name
(3) Salutation
(4) Title
(5) Address (street, house number, zip code, city)
(6) Date of birth
(7) Email address
(8) Telephone no.
(9) … At the time the message is sent, the following data is also stored:

What data do you collect? e.g.:
(1) The user’s IP address
(2) Date and time of registration
(3) …

During the dispatch process, your consent is obtained for processing data and reference is made to this Privacy Policy.

Alternatively, you can contact us via the email address provided. If you use this option, your personal data will be transmitted along with the email, both of which will be stored.

No data will be disclosed to third parties in this context. These data will be used exclusively to respond to your enquiry.

5.2 Legal basis for data processing
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR.

The legal basis for processing the data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If you email us with the intention of entering into a contract with us, this creates an additional legal basis for its processing per Art. 6 para. 1 lit. b GDPR.

5.3 Purpose of the data processing
The processing of the personal data from the input mask serves us only to process the contact. If contact is made via email, this is also because of our required legitimate interest in processing the data.

The other personal data processed during the sending process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

5.4 Duration of storage
The data will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by email, this is the case when the respective conversation with the user has been completed. The conversation is terminated when the circumstances indicate that the matter in question has been finally resolved.

Personal data that was additionally collected during the transmission procedure will be deleted within seven business days at the latest.

5.5 Objection and erasure option
The user has the option to revoke their consent to the processing of personal data at any time. If you contact us by email, you may object to the storage of your personal data at any time. If this right is exercised, it will not be possible to continue the conversation.

In such cases, all personal data that was stored when contact was made with us will be deleted.

In the context of the provision of the Internet offer, cookies may be used. A cookie is a file that is created by a website. It contains information about your computer and personal identification data and is saved locally on your computer. This makes it possible to recognize you when you visit a website later. However, on a website, the option to access personal identification data only exists to that which you provide. For example, your email name cannot be found on a website until you have entered it. In addition, websites were not given access to any other information on your computer. Once a cookie has been saved on your computer, it can only be read by the website that created it. We find out which areas of our website are particularly popular, how our visitors move around the website and how long they stay in various areas. This information can be evaluated for statistical purposes and the individual user remains anonymous. You can set your browser so that it informs you about the placement of cookies, blocks cookies or deletes cookies from your hard drive after your Internet session has ended. This will make their use apparent to you. The pages http://www.aboutads.info/choices/ (USA) and http://www.youronlinechoices.com/uk/your-ad-choices/ (Europe) allow you to manage online ad cookies.

If necessary, our website may also use cookies from companies with whom we cooperate (third-party cookies) for the purpose of advertising, analysing, or improving the features of our website. Please refer to the following information for details, in particular for the legal basis and purpose of such third-party collection and processing of data collected through cookies.
Basically, cookies are only an online identifier without personal reference. The cookies become personal when they are combined with other data in addition to the information generated by the cookies. A distinction can be made between cookies that are required for the provision of the website and cookies that are required for other purposes such as analysis of user behaviour or advertising.

The cookies that are required for the provision of the website include in particular the following:

  • Cookies that are used to identify or authenticate users;
  • Cookies that temporarily save certain user inputs (e.g. content of a watch list or an online form);
  • Cookies that save certain user preferences (e.g. search or language settings);
  • Cookies that save data in order to guarantee the trouble-free playback of video or audio content.

The cookies that are required for other purposes include in particular the following:

  • Analysis cookies in order to be able to record the usage behaviour (e.g. clicked advertising banners, visited subpages, made search queries) of our users and to be able to evaluate them in statistical form;
  • Advertising cookies, with the help of which profiles on user behaviour (e.g. clicked advertising banners, visited sub-pages, made search queries) are created in order to show the user advertising or offers that are tailored to their interests (interest-based advertising);
  • Third-party advertising cookies, with the help of which profiles on user behaviour (e.g. clicked advertising banners, visited sub-pages, made search queries) are created and the data controller and the third party can show the user advertising or offers that are tailored to their interests (Third-party cookies).

6.1 Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. If a user visits a website, a cookie may be stored on the user’s operating system. This cookie contains a distinctive character string that enables the unique identification of the browser when the website is accessed again.
If technically necessary cookies are used:
We use cookies (session cookies) to make our website more user-friendly. Some elements of our website require that your browser be identified as you move on to another page within the site.
A session cookie saves a randomly generated unique identification number (session ID) and contains, among other things, information about its origin and the storage period. Session cookies do not save any other data and are deleted when the browser is closed.

The following data is stored and transmitted in the cookies:
What data do you collect? e.g.:

(1) Language settings
(2) Log-in information
(3) … If technically unnecessary cookies are also used:
We also use cookies on our website that enable an analysis of the surfing behaviour of the users.
In this way, the following data can be transmitted:
What data do you collect? e.g.:
(1) Entered search terms
(2) Frequency of page views
(3) Use of website functions
(4) …

If no consent is obtained from the user before the technically unnecessary cookies are set and retrieved (“legitimate interest” of the processor according to Art. 6 para. 1 lit. f GDPR):
The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the accessing user. The data is not stored together with the user’s other personal data.

When accessing our website, users are informed by an information banner on the use of cookies for analytical purposes and referred to this Privacy Policy. A note is also included in this context as to how the user can disable the storage of cookies in the browser settings.
If the consent of the user is obtained before the technically unnecessary cookies are set and retrieved (opt-in solution):

When you visit our website, the user is informed about the use of cookies for analysis purposes and his consent to the processing of the personal data used in this context is obtained. Reference is also made to this Privacy Policy in this context.

6.2 Legal basis for data processing
If only technically necessary cookies are used or technically necessary cookies and technically unnecessary cookies are used without the prior consent of the user:
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

6.3 Purpose of data processing
If technically necessary cookies are used:
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some features of our website will not be available without the use of cookies. In such cases, the browser must be recognised even after changing the page.
We need cookies for the following applications:
Which ones do you need? e.g.:
(1) Acceptance of language settings
(2) Remembering search terms
(3) …. The user data collected by technically necessary cookies is not used to create user profiles.

6.4 Duration of storage, objection and removal options
Cookies are stored on the user’s computer and transmitted from there to our site. Therefore, as a user, you have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s features.

No social plugins are used on our website.

On the basis of our legitimate interests in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f GDPR, we use content or service offers from third parties in order to incorporate their content and services, such as videos or fonts.

The offer on our website may also include content, services and performances from other providers that supplement our offer. Examples of such offers are maps from Google Maps, YouTube videos or graphics and images from third parties (other websites). The calling up of these services by third parties requires disclosure of your IP address. Therefore, these providers can see and also save your user IP address. We make every effort to only include those third-party providers who use IP addresses solely for the delivery of the content. However, we have no influence on which third-party provider may save the IP address. This saving of address can be used for statistical purposes, for example. Should we become aware of any saving procedures through third parties, we will inform our users of this immediately.
Third-party providers may also use “pixel tags”, invisible graphics (“web beacons”) for statistical or marketing purposes. “Pixel tags” can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may include technical information about the browser and operating system, referring websites, visiting time, and other information about the use of our website. It may also be linked to such information from other sources.

In this context, please also take note of the special privacy policies for individual third-party providers and service providers whose services we use on our website. You will find them in this Privacy Policy as well.

8.1 Use of Jetpack for WordPress
We have integrated Jetpack on this website. Jetpack is a WordPress plug-in that provides additional functionality to the operator of an Internet site based on WordPress. Among other things, Jetpack allows the website operator an overview of the visitors to the site. By displaying related contributions and publications or the ability to share content on the site, it is also possible to increase visitor numbers. In addition, security features are integrated into Jetpack so that a Jetpack-using website is better protected against brute-force attacks. Jetpack also optimises and speeds up the loading of images built into the website.

The operating company of the Jetpack plug-in for WordPress is Automattic Inc., 132 Hawthorne Street, San Francisco, CA 94107, USA. The operating company uses the tracking technology of Quantcast Inc., 201 Third Street, San Francisco, CA 94103, USA.
Through certification according to the EU-US Privacy Shield https://www.privacyshield.gov/participant?id=a2zt0000000CbqcAAC&status=Active, Automattic guarantees that the EU’s data protection requirements also apply to the processing of data in the USA are complied with.

Jetpack places a cookie on the information technology system of the person concerned. Cookies have already been explained above. Each time one of the pages of this website is accessed by the data controller and a Jetpack component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Jetpack component for analysis purposes to submit to Automattic. As part of this technical process, Automattic learns about data that will subsequently be used to compile an overview of the site visits. The data obtained are used to analyse the behaviour of the data subject who accessed the controller’s website and are evaluated to optimise the website. The data collected through the Jetpack component will not be used to identify the data subject without the prior, explicit and explicit consent of the data subject. The data is also noted in Quantcast. Quantcast uses the data for the same purposes as Automattic.

The data subject can prevent the setting of cookies by our website, as already described above, at any time through an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used would also prevent Automattic/Quantcast from setting a cookie on the information technology system of the person concerned. In addition, cookies already set by Automattic can be deleted at any time via the Internet browser or other software programs.

Furthermore, the data subject has the option of objecting to and preventing detection of the data generated by the Jetpack cookie for use of this website and the processing of this data by Automattic/Quantcast. For this, the person concerned must press the opt-out button under the link https://www.quantcast.com/opt-out/, which sets an opt-out cookie. The opt-out cookie set with the objection is stored on the information technology system used by the data subject. If the cookies on the data subject’s system are deleted after an objection, the data subject must call up the link again and set a new opt-out cookie.

However, with the setting of the opt-out cookie, there is the possibility that the Internet pages of the controller are no longer fully usable for the data subject.

Automattic’s applicable Privacy Policy is available at https://automattic.com/privacy/. Quantcast’s applicable Privacy Policy is available at https://www.quantcast.com/privacy/. The Jetpack: WordPress Stats services is used to analyse how our website is used. The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the analysis, optimization, and economic operation of our site.

8.2 Use of WordPress Stats
This website uses the WordPress Stats tool to statistically evaluate visitor access. This service is provided by Automattic Inc., 60 29th Street # 343, San Francisco, CA 94110-4929, U.S.A.
Wordpress Stats uses cookies that are stored on your computer and allow an analysis of the use of the website. The information generated by the cookies about the use of our website is stored on servers in the U.S.A. Your IP address will be anonymised after processing and before storage.

WordPress Stats cookies remain on your device until you delete them.

The storage of “WordPress Stats” cookies is based on Art. 6 par. 1 lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its website and its advertising.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. If cookies are deactivated, the functionality of our website may be restricted.

You may object to the collection and use of your data, at any time, for the future by clicking on this link and setting an opt-out cookie in your browser: https://www.quantcast.com/opt-out/.If you delete the cookies on your computer, you will have to set the opt-out cookie again.

Web analysis is surveying, collecting and analysing data about the behaviour of visitors to websites. A web analysis service collects, among other things, data about the website from which a data subject has accessed a website (referrer), which subpages of the website have been accessed or how often and for how long a subpage has been viewed. A web analysis is mainly used to optimise a website and for cost-benefit analysis of Internet advertising.

9.1 Web analysis by Matomo (formerly PIWIK)

9.1.1 Scope of the processing of personal data
We use the open-source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software places a cookie on your computer (see above for cookies). If individual pages of our website are called up, the following data is stored:
(1) Two bytes of the IP address of the calling system of the user
(2) The website accessed
(3) The website from which the user came to the accessed website (referrer)
(4) The sub-pages that are accessed from the accessed website
(5) The length of time spent on the website
(6) The frequency with which the website is accessed
The software runs exclusively on the servers of our website. The personal data of users is only stored there. Your data will not be disclosed to third parties.

The software is set so that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 91.16.xxx.xxx). This renders attribution of the shortened IP address to the computer accessing the website impossible.

9.1.2 Legal basis for the processing of personal data
The legal basis for processing users’ personal data is Art. 6 para. 1 lit. f GDPR.

9.1.3 Purpose of data processing
The processing of the personal data of the users enables us to analyse the surfing behaviour of our users. We are in a position to compile information about the use of the individual components of our website by evaluating the data obtained. This helps us to continuously improve our website and to make it more user-friendly. For these purposes, our legitimate interest also lies in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR. By anonymising the IP address, users’ interest in protecting their personal data is sufficiently taken into account.

9.1.4 Duration of storage
The data will be deleted as soon as it is no longer needed for our recording purposes.
We delete the data after 5 business days.

9.1.5 Duration of storage, objection and removal options
Cookies are stored on the user’s computer and transmitted from there to our site. Therefore, as a user, you have full control of the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. Cookies that have already been saved may be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s features.
More information about the privacy settings of the Matomo software can be found under the following link: https://matomo.org/docs/privacy/.

Note: In the case of a request for information that is not submitted in writing, we ask for your understanding that we may then require proof that you are the person that you indeed claim to be.

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights with respect to us as the data controller:

10.1 Right to confirmation
Every data subject has the right under the General Data Protection Regulations (GDPR) to require the data controller to confirm whether it is processing the subject’s personal data. If a data subject wishes to exercise this right to confirmation, they may contact an employee of the data controller at any time.

10.2 Right to information
You can request information free of charge from the data controller as to whether personal data relating to you is being processed by us.

If this is the case, you can request the following information from the data controller:
(1) the purposes for which the personal data is processed;
(2) the categories of personal data that are processed;
(3) the recipients or the categories of recipients to whom the personal data relating to you have been disclosed or are still being disclosed;
(4) the planned duration of the storage of your personal data or, if specific information is not available, criteria for determining the duration of storage;
(5) the existence of a right to correction or deletion of your personal data, a right to restrict processing by the data controller or a right to object to this processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) all available information about the origin of the data if the personal data are not collected from the data subject;
(8) the existence of automated decision-making including profiling in accordance with Art. 22 para. 1 and 4 GDPR and–at least in these cases–meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to be informed as to whether your personal information will be transmitted to a third-party country or an international organisation. In this regard, you can request to be informed about the appropriate guarantees in accordance with Art. 46 GDPR.

If a data subject wishes to exercise this right of access to information, they may contact an employee of the data controller at any time.

10.3 Right to rectification
You have a right to rectification and/or integration with respect to the data controller if your processed personal data is incorrect or incomplete. We are required to make the correction immediately.

If a data subject wishes to exercise this right to correction, they may contact an employee of the data controller at any time.

10.4 Right to restriction of processing
Any person affected by the processing of personal data has the right, granted by the European legislator of directives and regulations, to require the controller to restrict the processing if one of the following conditions is met:

(1) The correctness of the personal data is contested by the data subject for a period that enables the data controller to check the correctness of the personal data.
(2) The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
(3) The controller no longer needs the personal data for the purposes of the processing, but they are required to by the data subject for the establishment, exercise or defence of legal claims.
(4) The data subject has objected to the processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the data controller outweigh those of the data subject.

If the processing of personal data concerning you has been restricted, then—apart from its storage—this data may only be processed with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person, or for reasons of an important public interest of the Union or a Member State.

If processing has been restricted in accordance with the above conditions, you will be informed by the data controller before the restriction is lifted.

If any one of the above-mentioned conditions is fulfilled and a data subject wishes to request the restriction of personal data stored by WELLFLEX GMBH, they can contact an employee of the data controller at any time. The responsible employee of the company will then restrict the processing.

10.5 Right to deletion (right to be forgotten)
a) Obligation to delete
You can request the data controller to delete your personal data immediately, and the data controller is obligated to delete this data immediately if one of the following reasons applies:
(1) the personal data concerning you is no longer necessary for the purposes for which they were collected or otherwise processed;
(2) You revoke your consent upon which its processing was based in accordance with Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR and there is no other legal basis for its continued processing;
(3) You object to its processing in accordance with Art. 21 para. 1 GDPR, and there are no overriding legitimate reasons for its continued processing, or you submit an objection to its processing in accordance with Art. 21 para. 2 GDPR.
(4) Your personal data has been processed unlawfully.
(5) The deletion of personal data relating to you is required in order to comply with legal obligations according to EU law or national law of the Member States to which we are subject.
(6) The personal data concerning you was provided in relation to information society services offered under Article 8 para. 1 GDPR.

If one of the above-mentioned reasons applies and a data subject wishes to have their personal data saved by WELLFLEX GMBH deleted, they may contact an employee of the data controller at any time. The responsible employee will arrange for the deletion request to be complied with immediately.

b) Information to third parties
If the personal data has been made public by WELLFLEX GMBH and if our company as the data controller is obligated to delete the personal data pursuant to Art. 17 para. 1 GDPR, WELLFLEX GMBH will take appropriate measures, including those of a technical nature, taking into account the available technology and costs of such measures, to inform other parties processing the published personal data that the data subject has requested the deletion of all links, copies, or records of this personal data, to the extent its further processing is not necessary. The responsible employee makes the necessary arrangements in individual cases.

c) Exceptions
The right to deletion does not exist if the processing is necessary
(1) to exercise the right to freedom of expression and information;
(2) to fulfil a legal obligation that requires processing under the law of the Union or of the Member States to which the data controller is subject, or to perform a task that is in the public interest or in the exercise of official authority which has been transferred to the data controller;
(3) for reasons of public interest in the area of public health in accordance with Art. 9 para. 2 lit. h and i, as well as Art. 9 para. 3 GDPR;
(4) for archiving, scientific, or historical research purposes in the public interest or for statistical purposes in accordance with Art. 89 para. 1 GDPR, to the extent that the law referred to in section (a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
5) to assert, exercise or defend legal claims.

10.6 Right to be informed
If you have exercised your right to have the controller correct, delete or restrict the processing, this party is obligated to inform all recipients to whom the personal data that concerns you has been disclosed of this correction or deletion of the data or restriction on the processing unless this proves impossible or involves a disproportionate effort.

You have the right to be informed as to these recipients by the data controller.

10.7 Right to data portability
You have the right to receive the personal data relating to you provided to us in a structured, common and machine-readable format. In addition, you have the right to transfer this data to another data controller without hindrance by the data controller who was provided with the personal data, provided that

(1) the processing is based on consent in accordance with Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on the basis of a contract in accordance with Art. 6 para. 1 lit. b GDPR and

(2) the processing is carried out using automated procedures.
In exercising this right, you also have the right to have the data controller transfer your personal data directly to another data controller if this is technically feasible. This action must not affect the freedoms and rights of other persons.

The right to data portability does not apply to personal data processing which is required for the performance of a task that falls within the public interest or which occurs in the exercise of public authority which was transferred to the data controller.

To assert the right to data transferability, the person concerned can contact an employee of the company at any time.

10.8 Right to object
You have the right to object to the processing of personal data concerning you at any time for reasons arising from your specific situation, which is carried out in accordance with Art. 6 para. 1 lit. e or f GDPR, including profiling based on those provisions.

In the event of a revocation, the data controller will no longer process the personal data relating to you unless they can prove a compelling, legitimate reason for this which outweighs your interests, rights, and freedoms or the processing serves to assert, exercise, or defend legal claims.

If the personal data that concerns you is being processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data that concerns you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing.

If you object to processing your data for direct marketing purposes, your personal data will no longer be processed for these purposes.

In addition, the data subject has the right, for reasons arising from their particular situation, to object to the processing of personal data concerning them for scientific or historical research purposes or for statistical purposes at the company in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task in the public interest.
In order to exercise the right of objection, you may contact our data controller or another employee directly. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may also exercise your right to object to using an automated process involving the use of technical specifications.

10.9 Right to revoke the consent under data protection law
You have the right to withdraw your consent at any time. Revoking consent does not affect the lawfulness of processing based on consent before its revocation. If the data subject wishes to exercise the right to revoke consent, they may contact an employee of the data controller at any time.

10.10 Objection to certain data processing/automated decision in individual cases including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

(1) is required for the conclusion or performance of a contract between you and the data controller,

(2) is permitted by Union or Member State legislation to which the data controller is subject, and that legislation is adequate to protect your rights and freedoms as well as your legitimate interests, or

(3) is made with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedom as well as your legitimate interests.
In the cases referred to in (1) and (3), the data controller will take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including, at a minimum, the right to obtain the intervention of an individual on the part of the data controller to state their own position and challenge the decision.

If the data subject wishes to exercise the rights concerning automated individual decision-making, they may contact an employee of the data controller at any time.
As a responsible company, we do not use automatic decision-making or profiling.

10.11 Right to complain to a supervisory authority
If you believe that the processing of your data violates data protection law or your data protection rights have been otherwise violated in any way, you can complain to the supervisory authority.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State containing your residence, place of work, or the location of the supposed violation, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority to which the complaint is submitted informs the complainant about the status and results of the complaint, including the possibility of a judicial remedy in accordance with Article 78 GDPR.

The supervisory authority responsible for us is:
Freie Hansestadt Bremen
Die Landesbeauftragte für Datenschutz
und Informationsfreiheit
Arndtstr. 1
27570 Bremerhaven
Tel.: +49 421 3612010 or +49 471 5962010
Fax: 0421/496-18495
Email: office@datenschutz.bremen.de

In order to ensure that this Privacy Policy always meets current statutory requirements and to include changes to our services, such as the introduction of new services, we reserve the right to occasionally adapt this Privacy Policy. Any subsequent website access will then be subject to the terms of the new Privacy Policy.

Should you have any questions about data protection (collection, processing or use of your personal data) or if regarding requests, corrections, blocking or deletion of information, please contact our data protection officer: datenschutz(at)wellflex.com