Privacy policy

Woco attaches particular importance to the appropriate handling of your data. It is therefore particularly important to us to maintain a privacy policy that is suitable for you. This is the only way we can ensure the security of your privacy and the confidentiality and integrity of your data. Our group-specific data protection declarations show which personal data is collected, processed and used.

You can adjust your cookie settings here.

Data protection information for applicants

With this data protection notice, we inform you about the processing of your personal data by us and about the rights to which you are entitled.

 

1. Who is responsible for data protection?

Woco Industrietechnik GmbH is responsible for data processing.

Phone: +49 6056 78-0
E-Mail: info@de.wocogroup.com

 

2. How can you contact our data protection officer?

You can reach our data protection officer by e-mail at: datenschutz@de.wocogroup.com.

 

3. What data do we process and where does it come from?

We process personal data that we receive from you in connection with an application. In particular, the following data is processed: master data (e.g. name, address and contact details, curriculum vitae), correspondence data (e.g. correspondence with you) and other applicant data[1] (certificates, proof of further training, etc.).

 

4. What do we process your data for (purpose of processing) and on what legal basis?

In order to protect your personal data provided to us as part of the application process, we comply with the legal provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). 

All data that you provide to us as part of your application will be processed solely for the purpose of carrying out the application and selection process and will be used solely to assess your professional suitability and to contact you. These include, among others: Your title, first name, last name, address, contact details, CV and data on your education and qualifications (Art. 6 para. 1 lit. b) GDPR; § 26 BDSG). In the context of employment, you only have to provide the personal data that is necessary for the establishment, implementation and termination of the employment. 

If you provide us with "special categories of personal data" in accordance with Art. 9 GDPR in the documents you submit as part of the application process (e.g. a photo that reveals ethnic origin, etc.), the processing also refers to this data. 

However, we would like to judge all applicants only on the basis of their qualifications and therefore ask you to refrain from providing such information in your application as much as possible. All necessary technical and organizational security measures are taken to protect your data from loss and misuse. 

If and to the extent that you have given us your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned there (Art. 6 para. 1 lit. a) GDPR). You can revoke consent at any time with effect for the future. We will obtain separate consent from you to include your applicant data in our applicant pool. 

 

5. Who do we share the data with?

Your application documents will only be passed on to those departments of us that need them to evaluate the application and for hiring them (Human Resources Department and the respective department to which the application relates). In addition, external bodies will only receive your data without exception if they have been contractually bound by us to fulfil their obligations as processors (Art. 28 GDPR) and guarantee that they process your data in accordance with our instructions. 

 

6. Do we transfer data to third countries?

Your data will only be processed within the European Union and states within the European Economic Area (EEA). Otherwise, you will always be informed separately in advance, including the right to object to such data transfer separately at any time. 

 

7. How long do we store your data?

We only store your personal data for as long as is necessary for the provision of the associated contractual services. In addition to the duration of the actual application process, this also includes data processing in the context of the initiation and processing of the employment relationship. In addition, we are subject to various retention and documentation obligations, which result from the General Equal Treatment Act (AGG) and the Code of Civil Procedure (ZPO), among others. 

 

8. Is there an obligation to provide data?

As part of the application, you only have to provide the personal data that is necessary for the start, implementation and completion of the application process.

 

9. To what extent is there automated decision-making in individual cases?

As a matter of principle, we do not use automated decision-making in accordance with Art. 22 GDPR to justify and execute the application. If we use these procedures in individual cases, we will inform you separately.

 

10. To what extent do we use your data for profiling?

We do not process your data for so-called "profiling" in accordance with Art. 4 No. 4 GDPR.

 

11. What data protection rights do you have?

Under the respective legal requirements, you have the right to request confirmation at any time as to whether we are processing personal data and the right to information (Art. 15 GDPR, § 34 BDSG) about this personal data. In addition, you have the right to rectification (Art. 16 GDPR), deletion (Art. 17 GDPR, § 35 BDSG) and restriction of data processing (Art. 18 GDPR), as well as the right to object to the processing of personal data (Art. 21 GDPR) at any time, or to revoke your consent to data processing at any time or to demand data transfer (Art. 20 GDPR). In addition, you have the right to complain to a supervisory authority in the event of data protection violations (Art. 77 GDPR, § 19 BDSG).

Data protection information for employees

With this data protection notice, we inform you about the processing of your personal data by us and about the rights to which you are entitled. The legal basis can be found in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).

 

1. Who is responsible for data protection?

Woco Industrietechnik GmbH is responsible for data processing.

Phone: +49 6056 78-0
E-Mail: info@de.wocogroup.com

 

2. How can you contact our data protection officer?

You can reach our data protection officer by e-mail at: datenschutz@de.wocogroup.com.

 

3. What data do we process and where does it come from?

a) Personal Identification and Family Information:

Employee's name and contact information (home address, telephone and fax numbers, and email address), as well as emergency contact information, gender, photograph (with your consent), credit card and bank account details, marital status, date of birth, nationality and residence information, social security or national insurance number or other local equivalent, national ID number, passport number, driver's license number, number of the work permit, tax identification numbers, severe disability and 

 

b) Personal information relating to the employment relationship: 

including job/position title, names, titles and department of supervisors, managers' direct supervisors, workplace contact information (e.g., building location and address, telephone and fax numbers, and email address), company ID number, job description code, job action code, region, time zone, employee identification number, IP address, username(s), password(s), access control data, video data,  Division, subdivision, department, employment contract, employment biography (including references from previous employers), employees posted abroad, working hours, vacation entitlements, payroll and compensation related data (bonus information, pay scales, and any wage/salary-related changes), pension program participation information, absence information, travel and expense-related information,  Company credit card information, information on fees and deductions for payroll purposes (e.g., loans, alimony), information on benefits (housing, vehicle, transportation, meals, family, or other), qualifications and work experience, training, talent management information, performance-related information, and information regarding career goals, date of employment, length of service, date of departure (where applicable), reports from executive search firms, or Temporary employment agencies (where applicable), degree of severe disability, health data and any additional information contained in conflicts of interest confirmations.

 

4. What do we process your data for (purpose of processing) and on what legal basis?

a) Based on your consent to data processing (Art. 6 para. 1 lit. a) GDPR) 

If and to the extent that you have given your consent to the processing of personal data, the respective consent is the legal basis for the processing specified therein. You can revoke consent at any time with effect for the future. 

b) For contractual purposes and purposes of the employment relationship (Art. 6 para. 1 lit. b) GDPR)

Your data will be processed for the purpose of initiating or executing our contracts with you. In addition, data processing is carried out for the purposes of the employment relationship if this is necessary for the decision on the establishment of an employment relationship or, after the establishment of the employment relationship, for its implementation or termination. The specific purposes of data processing depend in detail on the respective employment contracts. For the purposes of the employment relationship, the processing is also partly carried out based on collective agreements (in particular collective agreements and works agreements). 

c) In the context of the balancing of interests (Art. 6 para. 1 lit. f) GDPR)

Your data may also be used based on a balancing of interests to protect the legitimate interests of us or third parties. This is done, for example, for the purpose of ensuring IT security and IT operations, asserting legal claims and defending in legal disputes, preventing and solving crimes, as well as risk management and fraud prevention.

d) Due to legal requirements (Art. 6 para. 1 lit. c) GDPR)

We are subject to various legal obligations that entail data processing. These include, for example, tax laws, as well as statutory accounting, the fulfilment of inquiries and requirements from national or foreign supervisory or law enforcement authorities as well as the fulfilment of control and reporting obligations under tax law, as well as the Working Hours Act (ArbZG) or the Minimum Wage Act.

The following are individual purposes that may be relevant to your role: 

• Managing current employee relationships (including organizing workflows and training staff)

• Compensation and perks (such as compensation and bonus analysis and administration)

• Financial transactions (including payroll processing, administration of wages, expenses, taxes, required notices to government agencies, transfer of corporate credit cards, and reimbursement of travel and expenses)

• Recruitment (including grading) 

• Maintenance of employee directories and organizational charts

• Employee performance (including complaints/reports of misconduct, resolving conflicts of interest, conducting performance reviews, promoting career or leadership development, organizing the "whistleblower" program, customer relations/satisfaction) 

• Security of Woco's assets and personnel (verification of video surveillance systems), verification of online behavior, employee's workplace, verification of email traffic (during an investigation), verification of the use of electronic asset tools)

• Workforce Scheduling 

• Employee Engagement 

• Brand promotion, maintenance and promotion of products/services (including marketing activities and social media activities) 

• Investigation of cases of non-compliance with laws and company policies as well as dealing with disciplinary measures (controlling, monitoring and enforcing compliance with Woco company policies and processes and with legal and regulatory requirements) 

• IT management (including provision of IT support and services) 

• Employee health and safety

• Severe disability

• Fraud and Loss Prevention and Detection 

• Mergers, acquisitions and/or restructurings (including the completion of any actual or proposed purchases of all or part of Woco's business or, in the event of a merger, acquisition or public offer, providing the necessary information to the purchaser of shares or assets of Woco or any of its direct or indirect subsidiaries), and concluding any other purpose, which are directly related to the above.

 

5. Who do we share the data with?

Within the company, we will only pass on your data to those departments that need it to fulfil contractual and legal obligations or to perform their respective tasks (e.g. Human Resources). In addition, external bodies will only receive your data without exception if they have been contractually bound by us to fulfil their obligations as processors (Art. 28 GDPR) and guarantee that they process your data in accordance with our instructions. In addition, we only pass on data to persons or bodies for which you have given us your consent to transfer data, or if we are legally obliged to pass it on.

As part of normal business operations, employee data may be disclosed to third-party HR and payroll related functions (e.g., banks, insurance companies, and other employee service providers), as well as governance, risk, compliance, and security management. Woco may also disclose employee data to third-party service providers, for example in connection with information technology support (e.g., software maintenance and data hosting, remote management of IT infrastructure and applications, application development and maintenance, and global service desk operations) and HR support (e.g., benefits and consulting for human capital management, performance and talent management, career planning, employee training, payroll solutions, and Expense reporting and credit card management), marketing support and social media support, and in connection with corporate finance, accounting, reporting and payroll payment services entrusted to those service providers. In addition, employee data for the booking of work-related travel arrangements may be disclosed to a third-party travel agency, which in turn may transfer employee data to Woco. 

Woco may also disclose employee information to government and regulatory authorities (e.g., tax authorities), social services (e.g., social services), providers of other services (e.g., health insurance companies), outside consultants (e.g., lawyers, auditors, auditors), courts, and government agencies to the extent required or permitted by applicable legal obligations.

Woco and its affiliates may transfer employee data to the other Woco companies with a branch in Germany, whereby the employee data is protected with appropriate additional safeguards. 

 

6. Do we transfer data to third countries?

Your data will only be processed within the European Union and states within the European Economic Area (EEA). Otherwise, you will always be informed separately by us in advance, including the right to object to such data transfer separately at any time. 

Some of the third-party service providers may be located in territories outside the EU that do not provide a level of protection for personal data equivalent to that provided by your home country. Woco 

  1. exercise reasonable due diligence in the selection of such external service providers, and 
  2. requests appropriate contractual measures so that the third-party service providers maintain adequate technical and organizational security measures in compliance with applicable legal requirements in order to protect the employee data and to process the employee data only as mandated by Woco and for no other purpose. 

In order to provide adequate protection for transfers outside the EU, Woco uses transfer mechanisms recognised by your home country, which may involve the fulfilment of appropriate contractual clauses based on and in accordance with EU model clauses. In the area of third-party providers, which are subject to national laws that allow increased access by authorities and are not equivalent to your home country, so-called "additional safeguards" are agreed. These additional guarantees may include, but are not limited to:

  1. Technical measures such as encryption or anonymization
  2. Contractual measures such as amendments to the EU model clauses.
     

7. How long do we store your data?

We will only store your personal data for as long as is necessary for the performance of the associated employment relationship. In addition, we are subject to various retention and documentation obligations, which include, among other things, tax regulations (e.g. the German Commercial Code (HGB)); Tax Code (AO)) as well as from labour law provisions. The retention or documentation periods specified there are five to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to §§ 195 et seq. of the German Civil Code (BGB), can usually be three years, but in certain cases up to 30 years. The records of working hours in accordance with § 16 of the Working Hours Act (ArbZG) are kept for 2 years. 

 

8. Is there an obligation to provide personal data?

In the context of the employment relationship, you only have to provide the personal data that is necessary for the commencement, implementation and termination of the employment relationship.

 

9. To what extent is there automated decision-making in individual cases?

As a matter of principle, we do not use automated decision-making in accordance with Art. 22 GDPR to establish and carry out the business relationship. If we use these procedures in individual cases, we will inform you separately.

 

10. To what extent do we use your data for profiling?

We do not process your data automatically with the aim of evaluating certain personal aspects (so-called "profiling" in accordance with Art. 4 No. 4 GDPR). 

 

11. What data protection rights do you have?

Under the respective legal requirements, you have the right to request confirmation at any time as to whether we are processing personal data and the right to information (Art. 15 GDPR, § 34 BDSG) about this personal data. In addition, you have the right to rectification (Art. 16 GDPR), deletion (Art. 17 GDPR, § 35 BDSG) and restriction of data processing (Art. 18 GDPR), as well as the right to object to the processing of personal data (Art. 21 GDPR) at any time, or to revoke your consent to data processing at any time or to demand data transfer (Art. 20 GDPR). In addition, you have the right to complain to a supervisory authority in the event of data protection violations (Art. 77 GDPR, § 19 BDSG).

Data protection information for customers

With this data protection notice, we inform you about the processing of your personal data by us and the rights to which you are entitled. The legal basis can be found in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
 

1. Who is responsible for data protection?

Woco Industrietechnik GmbH is responsible for data processing
Phone: +49 6056 78-0, E-Mail: info@de.wocogroup.com
 

2. How can you contact our data protection officer?

You can reach our data protection officer at datenschutz@de.wocogroup.com.

 

3. What data do we process and where does it come from?

We process personal data that we receive from you in connection with an application. In particular, the following data is processed: Master data (e.g. name, address and contact details, CV), correspondence data (e.g. correspondence with you) and other applicant data (certificates, training certificates, etc.).
 

4. What do we process your data for (purpose of processing) and on what legal basis?

a)    On the basis of your consent to data processing (Art. 6 para. 1 lit. a GDPR)
If and insofar as you have given your consent to the processing of personal data, the respective consent is the legal basis for the processing specified therein. This applies, for example, to the receipt of electronic customer information. You can revoke your consent at any time with effect for the future.
b)    For the fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
Your data will be processed to initiate or execute our contracts with you or our contractual partners, 
i.e. for the provision of our services, for example. The specific purposes of data processing depend in detail on the respective service and product descriptions and the associated contract documents.
c)    Due to legal requirements (Art. 6 para. 1 lit. c GDPR)
We are subject to various legal obligations that entail data processing. These include, for example, tax laws and statutory accounting, the fulfillment of inquiries and requirements of national or foreign supervisory or law enforcement authorities as well as the fulfillment of tax control and reporting obligations.
d)    In the context of the balancing of interests (Art. 6 para. 1 lit. f GDPR)
Your data may also be used on the basis of a balancing of interests to protect the legitimate interests of us or third parties. This is done, for example, for the purpose of further developing our services or systems and products, ensuring IT security and IT operations, advertising, market and opinion research, the assertion of legal claims and defense in legal disputes, the prevention and investigation of criminal offenses as well as risk management and fraud prevention.

5. Who do we pass the data on to?

Your data will only be passed on by us within the company to those of our departments that need it to fulfill their contractual and legal obligations or to fulfill their respective tasks (e.g. customer service, IT, sales and marketing). In addition, external bodies will only receive your data without exception if they have been contractually obliged by us to fulfill their obligations as processors (Art. 28 GDPR) and guarantee that they will process your data in accordance with our instructions. In addition, we only pass on data to persons who work on behalf of our contractual partners or to bodies or persons for whom you have given us your consent to transfer data.

6. Do we transmit data to third countries?

When using Microsoft 365, personal data is transferred to third countries. Further details on data protection and data security at Microsoft can be found at: 
https://privacy.microsoft.com/de-de/privacystatement

Otherwise, your data will only be processed within the European Union and countries within the European Economic Area (EEA). Otherwise, you will always be informed separately in advance, including the right to object to such data transfer separately at any time.
 

7. How long do we store your data?

We only store your personal data for as long as is necessary for the provision of the associated contractual services. In addition to the duration of the actual business relationship, this also includes data processing in the context of the initiation and execution of contracts. In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and tax regulations (German Fiscal Code - AO), among others. The retention and documentation periods specified there are five to ten years. Finally, the storage period is also determined by the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to 30 years.

8. Is there an obligation to provide data?

As part of our business relationship, you must only provide the personal data that is required for the establishment, execution and termination of a business relationship or that our contractual partners or we are legally obliged to collect. Otherwise, it will not be possible to conclude or execute the contract.
 

9. To what extent is there automated decision-making in individual cases?

In principle, we do not use automated decision-making in accordance with Art. 22 GDPR to establish and conduct the business relationship. Should we use these procedures in individual cases, we will inform you of this separately.
 

10. To what extent do we use your data for profiling? 

We process your data partly automatically with the aim of evaluating certain personal aspects (so-called "profiling" in accordance with Art. 4 No. 4 GDPR). Profiling is used, for example, to determine the potential interest of our contractual partners in our products and your services. This evaluation is carried out, for example, on the basis of statistical procedures using current and past customer data. We use the results to address you in a more needs-based and targeted manner.
 

11. What data protection rights do you have?

Under the respective legal requirements, you have the right to request confirmation at any time as to whether we process personal data and the right to information (Art. 15 GDPR, Section 34 BDSG) about this personal data. You also have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR, Section 35 BDSG) and restriction of data processing (Art. 18 GDPR), as well as the right to object to the processing (Art. 21 GDPR) of personal data at any time, or to withdraw your consent to data processing at any time or to request data portability (Art. 20 GDPR). You also have the right to lodge a complaint with a supervisory authority in the event of data protection violations (Art. 77 GDPR, Section 19 BDSG).
 

12. Separate reference to your right to object

1.    Right to object on a case-by-case basis
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR (data processing on the basis of a balancing of interests). This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR, which may be carried out, for example, for customer advice and customer support and for sales purposes. If you object, your personal data will no longer be processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

2.    Right to object to the processing of data for direct marketing purposes
We may also process your data for direct marketing purposes within the scope of the statutory provisions. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, without incurring any costs other than the transmission costs according to the basic rates. This also applies to profiling insofar as it is associated with such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. The objection can be made in any form. The contact details can be found in section 1 of this privacy policy.

Data protection information for suppliers and service providers

With this data protection notice, we inform you about the processing of your personal data by us and the rights to which you are entitled. The legal basis can be found in the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG).
 

1. Who is responsible for data protection?

Responsible for data processing is Woco Industrietechnik GmbH
Phone: +49 6056 78-0, E-Mail: info@de.wocogroup.com
 

2. How can you contact our data protection officer?

You can reach our data protection officer at datenschutz@de.wocogroup.com.

 

3. What data do we process and where does it come from?

We process personal data that we receive from you in connection with the initiation of a business relationship (e.g. inquiry, quotation) or from the business relationship. In particular, the following data is processed: Master data (e.g. name, address and contact details of the legal representatives, bank details and tax number of the contractual partner; contact details of the individual contact persons ), correspondence data (e.g. correspondence with you, customer support) as well as advertising and sales data, contract data (type and content), order data, sales and receipt data, supplier history and consulting documents.
 

4. What do we process your data for (purpose of processing) and on what legal basis?

a)    For the fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
The personal data is processed for the initiation and execution of the respective supplier contracts. The specific purposes of data processing are determined in detail by the respective service descriptions and the associated contract documents.
b)    Due to legal requirements (Art. 6 para. 1 lit. c GDPR)
We are subject to various legal obligations that entail data processing. These include, for example, tax laws and statutory accounting, the fulfillment of inquiries and requirements of national or foreign supervisory or law enforcement authorities as well as the fulfillment of tax control and reporting obligations.
c)    In the context of the balancing of interests (Art. 6 para. 1 lit. f GDPR)
The personal data may also be used on the basis of a balancing of interests to protect the legitimate interests of us or third parties. This is done, for example, for the purpose of ensuring IT security and IT operations, advertising, market and opinion research, the assertion of legal claims and defense in legal disputes, the prevention and investigation of criminal offenses as well as risk management and fraud prevention.
 

5. Who do we pass the data on to?

Your data will only be passed on by us within the company to those of our departments that need it to fulfill their contractual and legal obligations or to perform their respective tasks (e.g. financial accounting, purchasing, IT). In addition, external bodies will only receive your data without exception if they have been contractually obliged by us to fulfill their obligations as processors (Art. 28 GDPR) and guarantee that they will process your data in accordance with our instructions. In addition, we only pass on data to persons who work on behalf of our contractual partners or to bodies or persons for whom you have given us your consent to transfer data.

 

6. Do we transmit data to third countries?

Your data will only be processed within the European Union and countries within the European Economic Area (EEA). Otherwise, you will always be informed separately by us in advance, including the right to object to such data transfer separately at any time.
 

7. How long do we store your data?

We only store your personal data for as long as is necessary for the provision of the associated contractual services. In addition to the duration of the actual business relationship, this also includes data processing in the context of the initiation and execution of contracts. In addition, we are subject to various retention and documentation obligations arising from the German Commercial Code (HGB) and tax regulations (German Fiscal Code - AO), among others. The retention and documentation periods specified there are five to ten years. Finally, the storage period is also determined by the statutory limitation periods, which, for example, according to Sections 195 et seq. of the German Civil Code (BGB), are generally three years, but in certain cases can be up to 30 years. 
 

8. Is there an obligation to provide data?

As part of our business relationship, you must only provide the personal data that is necessary for the establishment, execution and termination of a business relationship or that our contractual partners or we are legally obliged to collect. Otherwise, it will not be possible to conclude or execute the contract.
 

9. To what extent is there automated decision-making in individual cases?

In principle, we do not use automated decision-making in accordance with Art. 22 GDPR to establish and conduct the business relationship. Should we use these procedures in individual cases, we will inform you of this separately.
 

10. To what extent do we use your data for profiling?

We do not process your data for so-called "profiling" in accordance with Art. 4 No. 4 GDPR.
 

11. What data protection rights do you have?

Under the respective legal requirements, you have the right to request confirmation at any time as to whether we process personal data and the right to information (Art. 15 GDPR, Section 34 BDSG) about this personal data. You also have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR, Section 35 BDSG) and restriction of data processing (Art. 18 GDPR), as well as the right to object to the processing (Art. 21 GDPR) of personal data at any time, or to withdraw your consent to data processing at any time or to request data portability (Art. 20 GDPR). You also have the right to lodge a complaint with a supervisory authority in the event of data protection violations (Art. 77 GDPR, Section 19 BDSG).
 

Data protection information on video surveillance

Kronach

Name and contact details of the person responsible and, if applicable, their representative:

Woco Kronacher Kunststoffwerk GmbH, Industriestraße 7, 96317 Kronach 

Phone: +49 9261 505-299, E-Mail: kronacher@de.wocogroup.com 
 

Contact details of the data protection officer:

You can contact our data protection officer (Claudia Albrecht, PRW Consulting GmbH) at the following e-mail address:

datenschutz@de.wocogroup.com 
 

Purposes and legal basis of data processing:

Video surveillance is carried out within the scope of domiciliary rights to safeguard Woco's legitimate interest in preventing and preserving evidence of criminal offenses. Surveillance is not used to monitor performance and behavior or to compare and measure the performance of employees.  

Legal basis: Art. 6 para. 1 lit. f) GDPR. 
 

Legitimate interests that are being pursued: 

The camera surveillance system serves exclusively a) to prevent or detect access by unauthorized persons, to prevent industrial espionage, theft, etc., b) to record damage to property, c) to prevent or detect theft on the company premises and to prevent or detect criminal offences, d) to comply with legal, regulatory or customer requirements and e) to detect violations that would justify extraordinary termination of employees without notice. 
 

Storage duration or criteria for determining the duration: 

The retention periods for the video streams vary and are defined per camera and recording purpose. Recordings from video surveillance are generally deleted after 14 days. If facts justify the assumption that actions can be identified that can be prosecuted as a criminal offence or used to assert claims under civil law, they are stored for a longer period of time, as there are specific reasons for this.
 

Recipients or categories of recipients of the data (if data transfer takes place):

The persons responsible for video surveillance have access to the recordings as part of their work. Data from recordings is only transferred to third parties (e.g. law enforcement authorities) if this is necessary to investigate criminal offenses.
 

Information on the rights of data subjects

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information specified in Art. 15 GDPR. 

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to erasure).

The data subject has the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. if the data subject has objected to processing, for the duration of the controller's review.

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims (Art. 21 GDPR).

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement.

Bad Soden-Salmünster

Name and contact details of the person responsible and, if applicable, their representative:

Woco Industrietechnik GmbH, Hanauer Landstraße 16, 63628 Bad Soden-Salmünster 

Phone: +49 6056 78-0
E-Mail: info@de.wocogroup.com 
 

Contact details of the data protection officer: 

You can contact our data protection officer (Claudia Albrecht, PRW Consulting GmbH) at the following e-mail address:  

datenschutz@de.wocogroup.com 
 

Purposes and legal basis of data processing:

Video surveillance is carried out within the scope of domiciliary rights to safeguard Woco's legitimate interest in preventing and preserving evidence of criminal offenses. Surveillance is not used to monitor performance and behavior or to compare and measure the performance of employees.  

Legal basis: Art. 6 para. 1 lit. f) GDPR. 
 

Legitimate interests that are being pursued:

The camera surveillance system serves exclusively a) to prevent or detect access by unauthorized persons, to prevent industrial espionage, theft, etc., b) to record damage to property, c) to prevent or detect theft on the company premises and to prevent or detect criminal offences, d) to comply with legal, regulatory or customer requirements and e) to detect violations that would justify extraordinary termination of employees without notice. 
 

Storage duration or criteria for determining the duration:

The retention periods for the video streams vary and are defined per camera and recording purpose. Recordings from video surveillance are generally deleted after 7 days. If facts justify the assumption that actions can be identified that can be prosecuted as a criminal offense or used to assert civil law claims, they are stored for a longer period of time, as this is based on a specific occasion.
 

Recipients or categories of recipients of the data (if data transfer takes place):

The persons responsible for video surveillance are given access to the recordings as part of their work. Data from recordings is only transferred to third parties (e.g. law enforcement authorities) if this is necessary to investigate criminal offenses. 
 

Information on the rights of data subjects 

The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the information specified in Art. 15 GDPR.

The data subject has the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her and, where applicable, the completion of incomplete personal data (Art. 16 GDPR).

The data subject has the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where one of the grounds listed in Art. 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued (right to erasure). 

The data subject has the right to obtain from the controller restriction of processing where one of the conditions listed in Art. 18 GDPR applies, e.g. if the data subject has objected to processing, for the duration of the controller's review.

The data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims (Art. 21 GDPR). 

Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority if the data subject considers that the processing of personal data relating to him or her infringes the GDPR (Art. 77 GDPR). The data subject may exercise this right before a supervisory authority in the Member State of his or her habitual residence, place of work or place of the alleged infringement.

Data protection information for Woco AR app

This data protection notice informs you about the processing of your personal data by us and the rights to which you are entitled.

 

1.Who is responsible for data protection?

The following Woco Group companies are responsible for data processing:  

Woco GmbH & Co. KG, Woco Franz Josef Wolf Holding GmbH, Woco Industrietechnik GmbH, Woco IPS GmbH, Effbe GmbH, Woco Kronacher Kunststoffwerk GmbH, Woco Eisenacher Kunststofftechnik GmbH.

Phone: +49 6056 78-0, E-Mail: info@de.wocogroup.com 
 

2. How can you contact our data protection officer? 

You can reach our data protection officer by e-mail at: datenschutz@de.wocogroup.com 
 

3. What data do we process and where does it come from?

The WOCO AR app enables you to obtain detailed information on individual components and products of the Woco Group via QR codes. In order for the WOCO AR app to provide this service, you need authorization to access the following functions on your mobile device: 

  • Camera (no recording or storage of image data takes place at any time);  
  • Internet;
  • Location (location data, e.g. for geolocalization, is not processed either by the Woco Group or by our external service provider).

Your contact details are not accessed. The app can be used without registration (e.g. via an e-mail address).  

In exceptional cases, people may also be in the camera's field of vision. However, such image data is not processed or used; no recordings are made (see above).
 

4. What do we process your data for (purpose of processing) and on what legal basis?

This process serves to inform and train the trainees and interns of the Woco Group and other interested parties.  

The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR (consent to the release of authorizations) and Art. 6 para. 1 lit. f) GDPR (legitimate interest). The legitimate interest is to ensure the technical functionality of the app.  
 

5. Who do we pass the data on to?

Personal data is only passed on within the company to those departments that need it to fulfill contractual and legal obligations or to perform their respective tasks. In addition, external bodies only receive personal data if we have obligated them to fulfill their data protection obligations. The app is managed and maintained by our service provider, romeis Information Engineering GmbH. The WOCO AR app is hosted via Google Cloud.  
 

6. Do we transmit data to third countries?

We do not transfer personal data to recipients in so-called third countries, i.e. countries outside the European Economic Area (EEA) or to international organizations, as part of this process.
 

7. How long do we store your data?

We only store your personal data for as long as is necessary to provide the associated services (use of the app). Image data is not recorded or stored at any time.
 

8. Is there an obligation to provide data?

You only need to provide the personal data required to use the services.
 

9. To what extent is there automated decision-making in individual cases? 

We do not use automated decision-making in accordance with Art. 22 GDPR as part of this process.
 

10.To what extent do we use your data for profiling? 

We do not process your data automatically with the aim of evaluating certain personal aspects (so-called "profiling" in accordance with Art. 4 No. 4 GDPR).
 

11. Which data protection rights do you have?

Under the respective legal requirements, you have the right to request confirmation at any time as to whether we process personal data and the right to information (Art. 15 GDPR, Section 34 BDSG) about this personal data. You also have the right to rectification (Art. 16 GDPR), erasure (Art. 17 GDPR, Section 35 BDSG) and restriction of data processing (Art. 18 GDPR), as well as the right to object to the processing (Art. 21 GDPR) of personal data at any time, or to withdraw your consent to data processing at any time or to request data portability (Art. 20 GDPR). You also have the right to lodge a complaint with a supervisory authority in the event of data protection violations (Art. 77 GDPR, Section 19 BDSG).

 
 

Data protection information for visitors

A Privacy policy

  1. Scope and subject matter of the privacy policy  

The purpose of this privacy policy is to provide information about what personal data we collect via our website and for what purpose we process it. Where links are provided to other websites, we have neither influence nor control over the linked content and the data protection provisions there. We recommend that you check the data protection declarations on the linked websites to determine whether and to what extent personal data is collected, processed, used or made accessible to third parties.

For reasons of better readability, the differentiated use of various language forms has been omitted. All personal designations apply equally to all genders male/female/diverse.
 

  1. Important definitions and terms 

Firstly, you will find a selection of some legal definitions that may be helpful for you to understand the privacy policy. The full text of the General Data Protection Regulation (GDPR), including further definitions and definitions of terms, is available at the following link.

Personal data: 

  • Any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 


Processing: 

  • Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; 


Person responsible: 

  • Designates the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law; 


Receiver: 

  • Designates a natural or legal person, public authority, agency or other body to which personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data in the framework of a particular enquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing; 


Third: 

  • This is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data. 

     

  1. Contact details of the person responsible  

Woco Industrietechnik GmbH, Hanauer Landstraße 16, 63628 Bad Soden-Salmünster, Germany, phone: +49 6056 78-0 (head office), fax: +49 6056 78-7212, e-mail: info@de.wocogroup.com  
represented by the managing directors: Michael Lorig, Kolja Kress, Joachim Geimer
 

  1. Contact details of the data protection officer    

PRW Consulting GmbH, Mrs Claudia Albrecht, e-mail: datenschutz@de.wocogroup.com 
 

  1. Logfiles 

When you visit our website, we collect access data and store it in a log file. This access data also includes the IP address. The log file also stores the name of the website accessed, the file accessed, the date and time of access, the amount of data transferred and notification of successful access, the browser type and version, the operating system, the referrer URL (the previously visited page) and the requesting provider.  

Personal data: IP address;

Purpose of data processing: We collect the log file data, including the IP address, in order to ensure a smooth connection to the website and to enable users to use our website conveniently. The log file is also used to analyse system security and stability and for administrative purposes.  

Interest in data processing: The log file data, including the IP address, is used solely for the technical and design optimisation of the website and to secure our systems (e.g. in the event of an attack on our IT or a security incident). The data in the log file, including the IP address, cannot be used by us to establish a personal reference when our website is accessed. 

Provider Mittwald CM Service GmbH & Co. KG
Purpose of data processing Hosting of the website 
Details/information on data protection mittwald data protection 
Duration of data storage: The log files, i.e. the IP address contained therein, are automatically deleted after collection. 
Legal basis: Art. 6 para. 1 f) GDPR

Provision required or necessary: The provision of the aforementioned personal data is neither required by law nor by contract. However, without the IP address, the service and functionality of the website is not guaranteed or restricted.  
 

  1. Cookies  

Cookies are small text files that enable us to make the use of our offers and our website more pleasant for users, e.g. by determining whether you have already visited an individual page of our website and thus storing information about your preferred activities on the website or tailoring our website to your individual interests. As soon as a user accesses our platform, a cookie is stored on the end device (laptop, tablet, smartphone or PC) of the respective user. Cookies that are not necessary for the provision of our website are only placed on your device with your consent. (Art. 6 para. 1 lit. a) GDPR). 

Essential functions:

These providers are used to operate the website or certain functions thereof, for example to ensure security or to make an appointment with us. These providers are mandatory and cannot be deselected. 

Name Klaro! 
Domain Klaro! 
Purpose of data processing cookie banner 
Standard expiry time 1 year  

Subject to consent: We use these providers for our marketing, in particular for so-called "tracking" (tracking of registrations) and measuring the success of our adverts. The associated reach measurement is the visitor action evaluation by analysing user behaviour in relation to the determination of certain user actions and measuring the effectiveness of online advertising. The number of visitors who have reached websites or apps by clicking on adverts, for example, is measured. In addition, the rate of users who perform a specific action can be measured 

Name _ga 
Domain Google Analytics Solutions | Analytics 
Purpose of data processing Contains a randomly generated user ID. Google Analytics can use this ID to recognise returning users on this website and merge the data from previous visits. 
Standard expiry time 2 years 

Name _ga_ABCDEF  
Domain Google Analytics Solutions | Analytics 
Purpose of data processing Contains a randomly generated user ID. Google Analytics can use this ID to recognise returning users on this website and merge the data from previous visits. 
Standard expiry time 2 years 
 

  1. Plugins and embedded functions 

 We incorporate functional and content elements into our online offering that are obtained from the servers of their respective providers (hereinafter referred to as "third-party providers"). These may be, for example, graphics, videos or social media buttons and posts (hereinafter uniformly referred to as "content").

The integration always requires that the third-party providers of this content process the IP address of the user, as they would not be able to send the content to their browser without the IP address. The IP address is therefore required to display this content or function. We endeavour to only use content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. Pixel tags can be used to analyse information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as being linked to such information from other sources. 

Provider HERE Global B.V. 
Service Here Maps
Information  HERE Privacy Policy for products and services | Legal, security, privacy and compliance  

Legal basis: Art. 6 para. 1 a) GDPR

Please note that in the event of interaction via the aforementioned media, data may also be processed outside the European Union, whereby the providers have undertaken to comply with EU data protection standards. If necessary, further data processing operations may be triggered by the aforementioned providers after the start of a content, over which we have no influence.

Furthermore, user data is generally processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place adverts inside and outside the platforms that presumably correspond to the interests of the users. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behaviour and interests are stored. Furthermore, data can also be stored in the user profiles independently of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them). 
 

  1. Content Delivery Network (CDN) 

A content delivery network or content distribution network (CDN) is a geographically distributed network of proxy servers and their data centres. The aim is to provide high availability and performance by distributing the service geographically relative to the end users. 

Provider Akamai Technologies, Inc. 
Service Akamai CDN 
Information Akamai Data Protection | Akamai Compliance   

Legal basis: Art. 6 para. 1 a) GDPR

With the CDN, content from our website such as scripts and stylesheets are delivered to you more quickly via a network of regionally distributed servers. For this purpose, the browser you are using must connect to the servers. As a result, the service becomes aware that our website has been accessed via your IP address. The data collected in this process is only used for the aforementioned purpose and to maintain the functionality and security of the CDN. 
 

  1. Social networks 

We operate websites on several online platforms and social networks in order to interact with potential or existing customers, to exchange information with interested parties and users, or to advertise offers and services.

We operate our websites in so-called joint responsibility (under data protection law) with the providers. We process data that you share or publish directly via the online platforms and networks (e.g. via comment and chat functions) as the controller in order to interact with you in this regard or to exchange information with you. As part of this interaction, we may also receive statistical data on the use of our "channels and fan pages" from the platform operators. This includes, for example, information about interactions, likes, comments or summarised information and statistics (e.g. IP address; origin of followers) that help us to learn about interactions with our site. The legal basis for data processing in our area of responsibility is Art. 6 para. 1 sentence 1 lit. f) GDPR. 

However, the providers mentioned also process data under their own responsibility. We have no influence on data that is processed by the provider under its own responsibility in accordance with its own terms of use and data protection. We would like to point out that when you access the aforementioned providers, further data (e.g. from your usage and "surfing behaviour") may be collected and possibly transmitted to the provider. Please also note that in the event of interaction via the aforementioned media, data may also be processed outside the European Union. Furthermore, user data is generally processed for market research and advertising purposes. For example, user profiles can be created from the user behaviour and the resulting interests of the users. The user profiles can in turn be used, for example, to place adverts inside and outside the platforms that presumably correspond to the interests of the users. Further information on this can be found in the data protection information of the respective providers. If we have personal data about you in connection with the use of the online platforms and networks, please address your concerns to us. If you also wish to assert rights against a specific provider, please contact the respective provider. 

Provider Meta Inc. 
Plattform Facebook 
Information Meta Privacy Policy - How Meta collects and uses user data (facebook.com)

Provider Meta Inc. 
Plattform Instagram 
Information Data Policy | Instagram Help Centre 

Provider LinkedIn Inc. 
Plattform LinkedIn 
Information LinkedIn privacy policy

Provider Google Ireland Ltd 
Plattform YouTube 
Information Privacy Policy - Privacy Policy & Terms of Use - Google 

Provider New Work SE 
Plattform Xing 
Information Data protection at XING
 

  1. Data security  

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transfers and from third parties gaining knowledge of it. These are continuously adapted and reviewed in line with the current state of the art. To ensure the confidentiality and integrity of the data you enter on our website, this data is transmitted via "https" and Transport Layer Security (TLS). 

 

B Your rights

You have the right to request confirmation from us at any time as to whether we are processing your personal data and the right to information about this personal data. You also have the right to rectification, erasure and restriction of data processing, as well as the right to object to the processing of your personal data at any time, to withdraw your consent to data processing at any time or to request data portability.

Please send all requests for information, requests for information, revocations or objections to data processing by e-mail to datenschutz@de.wocogroup.com. You also have the right to lodge a complaint with a supervisory authority in the event of data protection violations.