Go to homepage
Zum Shop

PRIVACY POLICY

Dear Customers,

We are pleased that you are visiting our website. The protection and security of your personal information when using our website are very important to us. Therefore, we would like to inform you at this point about which of your personal data we collect when you visit our website and for what purposes it is used. Personal data are individual details about personal or factual circumstances of a specific or identifiable natural person (data subject), such as name, address, email addresses, user behavior. These are data with which we can identify you. In addition, you will also find occasional information here about data processing processes outside of this website (e.g. video conferences or newsletters).

RESPONSIBLE FOR DATA PROCESSING

Responsible for the processing of personal data within the meaning of the EU General Data Protection Regulation (GDPR):

PAUL WOLFF GmbH
Monschauer Straße 22
41068 Mönchengladbach
Phone: +49 2161 930 3
info@paul-wolff.com

DATA PROTECTION OFFICER

exkulpa gmbh
Waldfeuchter Str. 266
52525 Heinsberg
Phone: +49 2451 993 311
datenschutz@paul-wolff.com

GENERAL

This privacy policy meets the legal requirements for transparency in the processing of personal data. These are all pieces of information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, email address, IP address, or user behavior when visiting a website. Information that we cannot (or only with disproportionate effort) relate to your person, for example, through anonymization, is not considered personal data. The processing of personal data (such as collection, querying, use, storage, or transmission) always requires a legal basis and a defined purpose. Stored personal data will be deleted as soon as the purpose of processing has been achieved and there are no lawful grounds for further retention of the data. We will inform you in each processing operation about the specific storage periods or criteria for storage. Regardless, we may store your personal data in individual cases for the assertion, exercise, or defense of legal claims and in the presence of legal retention obligations.

INFORMATION ACCORDING TO ARTICLE 13 GDPR

This information is intended for customers, prospects, suppliers, and employees. Your personal data will be processed by us for the following purposes:

  • To fulfill our contractual obligations to which we are committed to you (Art. 6 para. 1 lit. b GDPR).
  • To perform pre-contractual obligations (Art. 6 para. 1 lit. b GDPR).
  • To respond to inquiries (Art. 6 para. 1 lit. b GDPR).
  • If you have given us consent to process your personal data for specific purposes (such as receiving our newsletter), the data processing will be based on your consent (Art. 6 para. 1 lit. a GDPR).
  • To fulfill legal obligations to which our company is subject (Art. 6 para. 1 lit. c GDPR).
  • Where necessary, we also process your data to safeguard our legitimate interests, in particular for asserting legal claims and defense in legal disputes, ensuring IT security, consulting and exchanging data with credit agencies to assess creditworthiness and default risks, direct marketing and market research unless you have objected to the use of your data for this purpose, for business management and further development of services and products, for product and sales optimization, for risk management, and for the prevention or investigation of criminal offenses (Art. 6 para. 1 lit. f GDPR).

CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Within our company, only those employees have access to the data who absolutely need it to fulfill their tasks (need-to-know principle). Individual processes and services are carried out by carefully selected and data protection-compliant service providers located within the EEA. If service providers commissioned by us require access to personal data to perform their services, data processing agreements pursuant to Art. 28 para. 3 GDPR have been concluded with them.

DURATION OF DATA STORAGE

The data processed by us will be stored for the duration of the existence and handling of the contractual relationship as well as in compliance with legal retention periods. These include, in particular, commercial and tax retention obligations according to the Commercial Code (HGB) and the Fiscal Code (AO). The regular retention or documentation periods thereafter amount to up to ten years. If no contractual relationship occurs, we will only process the data for as long as the specific purpose requires.

YOUR RIGHTS AS A DATA SUBJECT

As a data subject, you have the following rights regarding your personal data processed by us:

  • Right to information about the data processed about you by us.
  • Right to rectification or erasure if this data is incorrect, not up-to-date, or has been unlawfully collected by us.
  • Right to restriction of processing if complete deletion is not possible, for example, because we have to comply with legal retention obligations.
  • Right to object to processing if the data processing is based on a balance of interests (the so-called legitimate interest), as described above under "Purpose of Processing". This is the case, in particular, if the processing is not necessary to fulfill a contract with you. If you exercise your right to object, please explain the reasons why we should not process your data as we have done.

Of course, you can also object to the processing of your personal data for advertising purposes at any time. To do so, please send your objection to the address provided in the imprint or send us an email to the address provided in the imprint.

  • Right to withdrawal if you have given us consent to process your data. You can revoke your consent at any time without giving reasons to our company. Please contact the address provided in the imprint for this purpose.
  • In addition, you have the right to lodge a complaint with a supervisory authority about the processing of your personal data by our company.

If you have any questions regarding data protection, please feel free to contact us by email at the address provided in the imprint.

Cookies

Cookies are small text files that are sent by us to the browser of your device during your visit to our websites and stored there. Alternatively, information can also be stored in your browser's local storage. Some functions of our website cannot be offered without the use of cookies or local storage (technically necessary cookies). Other cookies enable us to perform various analyses, allowing us, for example, to recognize the browser you use when you revisit our website and to transmit various information to us (non-essential cookies). Cookies allow us , among other things, to make our website more user-friendly and effective by tracking your use of our website and determining your preferred settings (e.g., country and language settings). If third parties process information via cookies, they collect the information directly through your browser. Cookies do not cause any damage to your device. They cannot execute programs and cannot contain viruses.

We inform you about the specific services for which we use cookies in the respective processing operations. Detailed information about the cookies used can be found in the cookie settings or in the consent manager of this website.

Your Rights

Under the conditions of the legal regulations of the General Data Protection Regulation (GDPR), as an affected person, you have the following rights:

  • Information according to Art. 15 GDPR about the data stored about you in the form of meaningful information about the details of the processing as well as a copy of your data;
  • Rectification according to Art. 16 GDPR of incorrect or incomplete data stored by us;
  • Erasure according to Art. 17 GDPR of the data stored by us, provided that the processing is not necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claim;
  • Restriction of processing according to Art. 18 GDPR, to the extent that the accuracy of the data is contested, the processing is unlawful, we no longer need the data, and you oppose their deletion because you need them to assert, exercise, or defend legal claims, or you have objected to the processing according to Art. 21 GDPR.
  • Data portability according to Art. 20 GDPR, provided that you have provided us with personal data based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and this data has been processed by us using automated means. You will receive your data in a structured, commonly used, and machine-readable format, or we will transmit the data directly to another controller, if technically feasible.
  • Objection according to Art. 21 GDPR against the processing of your personal data, to the extent that this processing is based on Art. 6(1)(e) or (f) GDPR and there are reasons that arise from your particular situation or the objection is directed against direct marketing. The right to object does not exist if compelling legitimate grounds for the processing can be demonstrated, or the processing is necessary for the establishment, exercise, or defense of legal claims. If the right to object does not exist for individual processing operations, this is stated there.
  • Withdrawal according to Art. 7(3) GDPR of your consent given with effect for the future.
  • Complaint according to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority at your usual place of residence, your place of work, or our company headquarters.

Data Processing in Detail

Below, we inform you about the individual processing operations, the scope and purpose of data processing, the legal basis, the obligation to provide your data, and the respective storage period. An automated decision in individual cases, including profiling, does not take place.

Provision of the Website

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. The following information is temporarily stored in a so-called log file:

  • IP address of the requesting computer
  • Date and time of access
  • Name and URL of the accessed file
  • Website from which access is made (referrer URL)
  • Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

Our website is not hosted by ourselves but by a service provider who processes the aforementioned data on our behalf in accordance with Art. 28 GDPR for the purpose of providing the website.

The use of the hoster is for the purpose of fulfilling the contract with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast, and efficient provision of our online offer by a professional provider (Art. 6(1)(f) GDPR).

We use the following hoster:

Ditcon GmbH
Fuggerstraße 26
51149 Köln

Contact Form

Nature and Extent of Processing

When you submit inquiries to us (e.g., via contact form, email, or telephone), we store all data arising from this (e.g., name, email address, subject of inquiry, etc.). We require this data to process your inquiry and to be able to respond to follow-up questions. We do not disclose this data without your consent.

Purpose and Legal Basis

The processing of this data is based on Art. 6 Para. 1 lit. b GDPR, provided your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. Otherwise, processing is based on our legitimate interest in effectively processing the inquiries directed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if you have given it beforehand.

Storage Duration

The data entered by you in the contact form remains with us until you request us to delete it, revoke your consent to storage, or the purpose for data storage no longer applies (e.g., after completion of processing your inquiry). Mandatory legal provisions – especially retention periods – remain unaffected.

Applications

Nature and Extent of Processing

You have the opportunity to apply to us via our website (e.g., via email or by post).

Purpose and Legal Basis

We process the personal data of applicants in accordance with the legal requirements for the purpose of handling the application process and implementing pre-contractual measures pursuant to Art. 6 Para. 1 lit. b GDPR and § 26 BDSG under German law (initiation of an employment relationship) and – if you have given consent – Art. 6 Para. 1 lit. a GDPR. Consent can be revoked at any time. Your personal data will only be disclosed within our company to persons involved in the processing of your application. If the application is successful, the data submitted by you will be stored for the purpose of implementing the employment relationship in our data processing systems based on § 26 BDSG and Art. 6 Para. 1 lit. b GDPR.

Storage Duration

Your data will be stored for a period of 6 months beyond the conclusion of the application process. This is usually done to fulfill legal obligations or to defend against any claims arising from legal regulations. Subsequently, we are obliged to delete or anonymize your data. In this case, the data will only be available to us as so-called metadata without direct personal reference for statistical evaluations (e.g., gender ratio in applications, number of applications per period, etc.).

If it becomes apparent that the data will be required after the expiry of the 6-month period (e.g., due to a pending or threatened legal dispute), deletion will only take place once the purpose for further storage no longer applies.

Inclusion in the Applicant Pool

As part of the application process, we offer applicants the opportunity to be included in our "Talent Pool" for a period of 12 months based on consent pursuant to Art. 6 Para. 1 lit. a GDPR.

The application documents in the Talent Pool will be processed solely in the context of future job postings and employee searches and will be destroyed no later than the expiration of the deadline. Applicants are informed that their consent to inclusion in the Talent Pool is voluntary, does not affect the current application process, and they can revoke this consent at any time for the future.

If you receive an offer of employment from us as part of the application process and accept it, we will store the personal data collected during the application process for at least the duration of the employment relationship.

Use of Online Application Platforms

As part of the application process, we also use the online platforms StepStone and Indeed.

The provider of StepStone is StepStone Deutschland GmbH, Völklinger Straße 1, 40219 Düsseldorf. For more information on data processing at StepStone, please visit: https://www.stepstone.de/Ueber-StepStone/rechtliche-hinweise/datenschutzerklaerung/.

The provider of Indeed is Indeed Ireland Operations Limited, 124 St. Stephen’s Green, Dublin 2, Ireland. For more information on data processing at Indeed, please visit: https://hrtechprivacy.com/de/brands/about-indeed#privacypolicy.

Presence on Social Media Platforms

Data Processing by Scial Networks

We operate publicly accessible profiles on social networks. The specific social networks used by us can be found below.

Social networks such as Facebook, Twitter, etc., can generally analyze your user behavior comprehensively. By visiting our social media profiles, the following data processing activities relevant to data protection are triggered:

If you are logged into your social media account and visit our profile, the operator of this social media platform can track this visit. Regardless, the operator may process your data (e.g., IP address) even if you are not logged into your account or do not have an account.

The operator consolidates this data into user profiles where your preferences and interests are stored. These profiles are used for personalized advertising within and outside the respective social media presence. If you have an account with the respective social network, personalized advertising can be displayed on all devices where you are logged in or have been logged in.

Depending on the platform, additional processing activities may be carried out by the operators of the social media portals, over which we have no control. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal Basis

Our social media presence is intended to ensure the broadest possible presence on the internet in the sense of Art. 6 Para. 1 lit. f GDPR. The analysis processes conducted by the operators of social networks may be based on different legal bases, which are to be specified by the respective providers.

Responsible Party and Exercise of Rights

When you visit one of our social media presences (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can exercise your rights (access, rectification, erasure, restriction of processing, data portability, and complaint) both against us and against the operator of the respective social media portal (e.g., Facebook).

Despite the shared responsibility with the social media platform operators, we do not have comprehensive control over the data processing operations of the platforms. Our options largely depend on the corporate policies of the respective provider.

Storage Duration

The data directly collected by us via the social media presence will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage ceases to apply. Mandatory legal provisions, especially retention periods, remain unaffected.

We have no influence on the storage period of the data collected by the social networks. For details, please consult the operators of the social networks directly (e.g., in their privacy policy, see below).

Facebook Page

We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The data collected is also transferred to the USA and other third countries.

We have entered into an agreement with Facebook on joint processing (Controller Addendum), which specifies for which data processing operations we or Facebook are responsible. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do this, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum und https://de-de.facebook.com/help/566994660333381.

For more information on data processing by Facebook, please visit: https://www.facebook.com/about/privacy/.

Instagram Page

We have a profile on Instagram. The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum, https://help.instagram.com/519522125107875 und https://de-de.facebook.com/help/566994660333381.

For details on how they handle your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.

Twitter Page

We use the microblogging service Twitter. The provider is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

You can adjust your Twitter privacy settings independently in your user account. To do this, click on the following link and log in: https://twitter.com/personalization.

The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

For details, please refer to Twitter's privacy policy: https://twitter.com/de/privacy.

LinkedIn Page

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you wish to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

The data transfer to the USA is based on the standard contractual clauses of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal data, please refer to LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy.

XING Page

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal data, please refer to XING's privacy policy: https://privacy.xing.com/de/datenschutzerklaerung.

Pinterest

We have a profile on Pinterest. The operator is Pinterest Europe Ltd., Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. For details on how they handle your personal data, please refer to Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. For details on how they handle your personal data, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=de.

Video Conferences

Data Processing

We use online conference tools to communicate with our customers. The tools we use are listed below. When you communicate with us via video or audio conference, your personal data is collected and processed by us and the provider of the respective tool.

The tools collect the data you provide, including your email address and phone number. They also process the duration of the conference, when you participated in the conference, the number of participants, and other metadata.

In addition, the tool provider processes all technical data necessary to conduct the conference. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.

If you share content in this service, it will be stored on the provider's servers. This includes cloud recordings, chat messages, voice messages, as well as photos and videos you shared while using this service.

Please note that we do not have full control over the data processing operations of the tools used. For more information on data processing by the conference tools, please refer to the privacy policies of the respective tools used.

Purpose and Legal Basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 lit. b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). If you have previously given consent to data processing on this website by Google Analytics, the processing of your data is based solely on the legal basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time.

Storage Duration

The data directly collected by us via the video and conference tools will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage ceases to apply. Stored cookies remain on your device until you delete them. Mandatory legal retention periods remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Conference Tools Used

We use the following conference tools:

Microsoft Teams

We use Microsoft Teams. The provider is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For details on data processing, please refer to Microsoft Teams' privacy policy: https://privacy.microsoft.com/de-de/privacystatement.

Google Analytics

Type and Scope of Processing

We use services and features of Google Analytics on this website, offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Analytics, we as website operators can determine how our website is used. As part of the analysis, we learn how often our website is accessed, how long visitors stay on the site, and with which devices or systems they access the website. In addition, we can use Google Analytics to track your mouse movements and clicks. Google may store and use this information to create a profile about you. Google Analytics uses machine learning technologies to analyze and supplement your data. Furthermore, Google Analytics uses technologies to recognize website visitors in order to analyze user behavior. The processing of the collected data usually takes place on Google servers in the USA.

Purpose and Legal Basis

When using Google Analytics, we rely on Art. 6 Para. 1 lit. f GDPR as the legal basis for the storage and analysis of personal data, as we have a legitimate interest in analyzing the use of our website. This enables us to optimize our online presence and offerings for you. If you have previously given consent to data processing on this website by Google Analytics, the processing of your data is based solely on the legal basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time.

The transfer of your personal data to the USA is based on the standard contractual clauses of the European Commission. For more information, please visit: https://privacy.google.com/businesses/controllerterms/mccs/.

IP Anonymization

When using Google Analytics on this website, we use a function where Google shortens your IP address before it is transmitted to Google servers in the USA. This only happens if you are in the European Union or in a country of the European Economic Area. Your full IP address is only transmitted to the USA in exceptional cases and then shortened there. Google Analytics uses this information to track how you use our website. Your IP address is not merged with other data that Google owns.

Browser Plugin

You can prevent Google from collecting and processing data about you by downloading and installing the browser plugin at https://tools.google.com/dlpage/gaoptout?hl=de.

For more information on processing user data, please refer to Google Analytics' privacy policy at https://support.google.com/analytics/answer/6004245?hl=de.

Order Processing

When using Google Analytics, we comply with the strict regulations of the German data protection authorities, as we have concluded a contract for order processing with Google.

Storage Duration

Google stores data associated with cookies, user identifiers, or advertising IDs. This data is stored for two months and then anonymized or deleted. For more information on the storage period or deletion of your data, please visit: https://support.google.com/analytics/answer/7667196?hl=de.

Google DoubleClick

Type and Scope of Processing

We use services and features of Google DoubleClick on this website, offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

With Google DoubleClick, we can show our users targeted advertisements in Google-related applications that are tailored to users' interests. In order to show users relevant advertising, Google DoubleClick must be able to identify the user and associate him with the websites he has visited, his clicks, and other information about his behavior. For this purpose, Google DoubleClick uses cookies and user recognition technologies and creates pseudonymous user profiles based on the collected data.

You can disable this personalized advertising in your personal Google account at: https://policies.google.com/technologies/ads und https://adssettings.google.com/authenticated.

Purpose and Legal Basis

When using Google DoubleClick, we rely on Art. 6 Para. 1 lit. f GDPR as the legal basis, as we have a legitimate interest in analyzing the use of our website. This enables us to optimize our online presence and offerings for you. If you have previously given consent to data processing by Google DoubleClick on this website, the processing of your data is based solely on the legal basis of Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time.

WiredMinds

Analysis by WiredMinds

Our website uses counting pixel technology provided by WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In connection with this, the IP address of the visitor is processed. The processing occurs only for the purpose of collecting company based information such as company name, for example. IP addresses of natural persons are excluded from any further processing by means of a whitelist. An IP address is not stored in LeadLab under any circumstances. While processing data, it is our outmost interest to protect the rights of natural persons. Our interest in processing data is based on Article 6(1)(f) GDPR. At no time is it possible to draw conclusions from the collected data on an identifiable person. WiredMinds GmbH uses this information to create anonymized usage profiles of the visit behavior on our website. Data obtained during this process is not used to personally identify visitors of our website.

Exclude from tracking