WISTA - Terms / Services - Privacy policy

Privacy Policy

We are very pleased about your interest in our company. The management of WISTA Management GmbH attaches particular importance to data protection. In the following we will inform you about the collection of personal data when you use our website.

 

1. Definitions

This privacy policy is based on the terminology used be the General Data Protection Regulation (GDPR). Our privacy policy shall be easy to read and easy to understand for the public as well as for our customers and business partners. To ensure this we would like to explain the terms used in advance. We use the following terms, among others, in this privacy policy:

a) Personal data

'Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

b) Data subject

'Data subject' means any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling

‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

f) Pseudonymisation

‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;

g) Controller and joint controller ship

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

h) Processor

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

i) Recipient

‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. 2However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;

j) Third party

'Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data;

k) Consent

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

2. Name and address of the controller

The controller responsible within the meaning of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other regulations regarding data protection is:

WISTA Management GmbH
Rudower Chaussee 17
12489 Berlin
Germany

Phone: +49 30 6392-2200
E-Mail: info@wista.de
Website: www.wista.de

 

3. Name and address of the data protection officer

You can reach our data protection officer at the address stated above or at the following e-mail address:

E-Mail: datenschutz@wista.de

Every person concerned can contact our data protection officer directly at any time with all questions and suggestions regarding data protection.

 

4. Your rights

We will be pleased to provide you with information as to whether and which of your personal data are processed by us and for which purposes (Art. 15 GDPR). In addition, you are entitled to the right of correction (Art. 16 GDPR), the right to restrict processing (Art. 18 GDPR) and the right of data transferability (Art. 20 GDPR), subject to the respective legal requirements.

You also have the right to object to processing of you data (Art. 21 GDPR).

In order to exercise your rights, please contact us by e-mail at datenschutz@wista.de or by post at our address mentioned above. The exercise of your rights of course is free of charge.

Without prejudice to these rights and to the possibility of asserting any other administrative or judicial remedy, you may at any time exercise your right to appeal to a supervisory authority. In particular you can appeal to a supervisory authority in the Member State in which you are resident, in which you work or the place where the alleged infringement occurred, if you consider that the processing of personal data concerning you is in breach of data protection legislation (Art. 77 GDPR).

 

5. Purpose and legal basis of our data processing

The processing of personal data can be based on different legal bases. If we need you data to fulfil a contract with you or to answer your enquiries regarding a contract, the legal basis for this data processing is Art. 6 (1) (b) GDPR. If we obtain your consent for a specific processing, the legal basis is Art. 6 (1) (a) GDPR. We carry out some data processing based on our legitimate interests. The legal basis for this is Art. 6 (1) (f) GDPR. Insofar as the processing is necessary to fulfil a legal obligation to which we are subject, the legal basis is Art. 6 (1) (c) GDPR.

In the following, we explain how we process personal data relating our website.
 

5.1. Establishing contact

When you contact us be e-mail or through a contact form, the data you provide (your e-mail address, your name and telephone number if applicable) will be stored by us in order to answer your questions and process your requests. The legal basis in this respect is Art. 6 (1) (f) GDPR. As far as we ask for information through our contact form, that are not necessary for contacting you, we have always marked them as optional. This information serves us to concretise you inquiry and to improve the processing of your request. Any communication of this information is expressly on a voluntary basis and with your consent, Art. 6 (1) (a) GDPR. If you provide information on communication channels (e.g. e-mail address, telephone number), you also agree that we may contact you via this communication channel in order to answer your request. You can of course revoke this consent at any time in the future.

Your data, which we have received in the course of contacting you, will be deleted as soon as they are no longer required for the purposes of their collection, your request is fully processed and no further communication is necessary or desired by you.

As controller, WISTA Management GmbH has implemented numerous technical and organisational measures to ensure that the personal data processed through this website is protected as comprehensively as possible. Nevertheless, internet-based data transmissions can generally have security gaps. Absolute protection cannot be guaranteed; in any case, sending unencrypted e-mails is not secure. We therefore request that sensitive data is not send by means of unencrypted e-mail, but through either encrypted communication channels (e.g. our contact form) or the postal service.
 

5.2. Applications

The controller collects and processes the personal data of applicants for executing the application procedure. Applicants may also apply electronically. This is particularly the case if an applicant submits relevant application documents to the controller electronically, for example by e-mail. If the application concludes in an employment contract with an applicant, the data transferred is stored for executing the employment in accordance with legal requirements. If the application does not conclude in an employment contract with the applicant, the application documents are automatically deleted two months after notification, at the latest after a maximum of 6 months after the decision, provided that no other legitimate interests of the data controller conflicts with a deletion or you have not expressly given your consent to a longer storage of your data. Our legitimate interests in this sense include, for example, a duty of proof in proceedings under the General Equal Treatment Act “Allgemeines Gleichbehandlungsgesetz” (AGG). Please note that unencrypted e-mails are not protected against illegal or undesired access. The legal basis is Art. 6 (1) (a), (b), and (f) GDPR as well as § 26 BDSG (Federal Data Protection Act).
 

5.3. Collection of general data while visiting our website

The website of WISTA Management GmbH collects a range of general data and information every time a data subject or automated system accesses the website. This general data and information is stored in the log files of the web server. The following can be recorded: (1) browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of an access to the Internet site, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information which serve to avert danger in the event of attacks on our information technology systems.

When using this general data and information, WISTA Management GmbH will not draw any conclusions about the data subject. Rather, this information is required in order (1) to deliver the contents of the website, (2) to optimize the contents of our website and the advertising for it, (3) to ensure the permanent operability of our information technology systems and the technology of our website and /4) to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber attack. This anonymously collected data and information is therefore evaluated by WISTA Management GmbH both statistically and with the aim of increasing data protection and data security in our company, ultimately ensuring an optimum level of protection for the personal data processed by us. The anonymous data in the server log files are stored separately from all personal data provided by a data subject.
 

5.4. Cookies

The website of WISTA Management GmbH uses cookies. Cookies are text files that are stored on a computer system via an Internet browser.
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a string of characters that can be used to assign Internet pages and servers to the specific Internet browser in which the cookie was stored. This enables the Internet pages and servers visited to distinguish the individual browser of the person concerned from other Internet browsers that contain other cookies. A specific Internet browser can be recognized and identified by means of the unique cookie ID.
The use of cookies enables WISTA Management GmbH to provide users of this website with more user-friendly services.
By means of a cookie, the information and offers on our website can be optimized in the interests of the user. As already mentioned, cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, the user of a website that uses cookies does not have to enter his or her access data each time he or she visits the website, because this is done by the website and the cookie stored on the user's computer system.

You can prevent the setting of cookies by our website at any time by means of an appropriate setting in the Internet browser used, thereby permanently opposing the setting of cookies. Furthermore, you can delete cookies that have already been set at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If you deactivate the setting of cookies in the Internet browser used, it is possible that not all functions of our website are usable to their full extent.
 

5.5. Use of social bookmarks

This website uses social bookmarks of the following providers:

  • LinkedIn (provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
  • Facebook (provider: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA)
  • Twitter (provider: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
  • WhatsApp (provider: WhatsApp Irleand Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

Social bookmarks are Internet bookmarks with which the users of such a service can collect links and news items. These are included on our website merely as links to the corresponding services. After clicking on the embedded graphic, you will be redirected to the page of the respective provider, i.e. only then will user information be transferred to the respective provider. For information on how your personal data is handled when using these websites, please refer to the respective data protection regulations of the providers.
 

5.6. Use of social plug-ins

This website uses social plug-ins of the following providers:

  • Twitter (provider: Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA)

These plug-ins usually collect data from you by default and transmit it to the servers of the respective provider. To ensure the protection of your privacy, we have taken technical measures to ensure that the providers of the respective plug-in cannot collect your data without your consent. When you call up a page on which the plug-ins are integrated, they are initially deactivated. Only by clicking on the respective symbol the plug-ins are activated and you give your consent that your data is transferred to the respective provider. The legal basis for the use of the plug-ins is Art. 6 (1) (a).

After activation, the plug ins also collect personal data such as your IP address and send it to the servers of the respective provider, where it is stored. In addition, activated social plug-ins set a cookie with a unique identifier when you call up the relevant website. This enables the providers to create profiles about your usage behaviour. This happens even if you are not a member of the social network of the respective provider. If you are a member of the social network of the provider and you are logged in to the social network during your visit to this website, your data and information about your visit to this website can be linked to your profile on the social network. We have no influence on the exact scope of the data collected by the respective provider. For more information on the scope, type and purpose of data processing and on rights and setting options for protecting your privacy, please refer to the data protection information of the respective social network provider. These are available at the following addresses:

5.7. OpenStreetMap

The website of WISTA Management GmbH integrates the maps of the OpenStreetMap Foundation service via the API of Leaflets (https://wiki.osmfoundation.org/wiki/Main_Page). OpenStreetMap, as a Google Maps alternative, is an open source JavaScript library that enables us to integrate interactive maps on our website. From a technical point of view, it is necessary to make requests to the server.arcgisonline.com to display the maps correctly. As a result of these requests, it is generally possible that information about your use of this website (including your IP address and location data) may be transmitted to other servers and stored there. To the best of our knowledge, OpenStreetMap uses user data exclusively for the purpose of displaying map functions and temporarily storing the selected settings. Further information about OpenStreetMap and the respective storage period of the collected data can be obtained from the provider or at https://www.openstreetmap.de/faq.html or https://wiki.osmfoundation.org/wiki/Privacy_Policy. More information on the API leaflets used can be found at https://www.leafletjs.com.

You can deactivate the OpenStreetMap service and thus prevent data transfer to third parties by deactivating JavaScript in your browser. However, we would like to point out that in this case you will not be able to use the map display on our pages, or only to a limited extent.
 

5.8. Google Custom Search Engine (Google CSE)

Within the WISTA Management GmbH website, the "Google Custom Search Engine" (Google CSE) is used as the central search service. The integrated search service enables a full-text search for the contents of the website. Access to this search function is possible via a specially set up search page. Google Inc („Google“) provides the search field on this page („search field"). Entering a search term in the search field activates the search field and the data entered is forwarded to Google. The search results are reloaded using a plug-in provided by Google.

As a matter of principle, we transmit no data to the provider of the search service (Google) when official websites of WISTA Management GmbH are accessed. Data is only transmitted to Google as soon as the user uses the search field on the search page. By activating and using the search function within the page, users' data is simultaneously transmitted to Google.

By activating and using the full-text search function, the visitor consents to the use of the Google search service and thus also to the transfer of data to the Google service. This includes, for example, the search terms entered by the visitor and the IP address of the computer used. Please note that different data protection standards apply to Google than to the WISTA Management GmbH website. We expressly draw your attention to the fact that the processing, in particular the storage, deletion and use of any personal data that may be transmitted is the responsibility of the provider of the search service and that the operator of the WISTA Management GmbH website has no influence on the type and scope of the transmitted data or on its further processing.

If you are simultaneously logged in at Google, the Google service is able to assign the information directly to your user profile.

Further information from Google on the handling of user data (privacy policy) is available at: policies.google.com/privacy.

 

6. Data transfer

As a matter of principle, your data will not be transferred to third parties, unless we are legally obliged to do so. As far as external service providers are exposed to your personal data, we have ensured through legal, technical and organisational measures as well as through regular controls that they comply with the regulations of the data protection laws. Furthermore, these service providers may only use your data in accordance with our instructions.

 

7. Routine deletion and blocking of personal data

The controller shall process and store personal data relating to the data subject only for the period of time necessary to achieve the purpose of storage or when it is allowed by the European legislator or other legislators by law or regulations to which the controller is subject.

If the purpose of storage ceases to apply or if a retention period regulated by the European legislator or another competent legislator expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

Contact

WISTA Management GmbH

Rudower Chaussee 17, 12489 Berlin
+49 30 6392-2200
+49 30 6392-2201