Data protection

Privacy notice for prospective customers and customers
(in accordance with the General Data Protection Regulation (GDPR))

The following information provides you with an overview of how Weinberg & Ruf processes your personal data and your rights.

A - Processing of personal data

We process personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Personal data is any information relating to an identified or identifiable natural person. This information includes, in particular, your name, email address, postal address, and usage data such as your IP address. Where necessary for the provision of our services, we also process personal data that we have lawfully obtained from third parties based on your consent or to protect our legitimate interests. If necessary, we process personal data that we have lawfully obtained and are permitted to process from publicly accessible sources (such as debt registers, land registers, commercial and association registers, press, and media). Please note that by contacting us, using our website, and using the contact form, you consent to the collection, processing, and use of your personal data for the purposes of Weinberg & Ruf GbR, including its affiliated organizations. We generally do not use fully automated decision-making (see GDPR) for establishing and conducting business relationships. Your data will not be used for profiling. If no business relationship is established, your personal data will be deleted.

B - Data transfer

We may only disclose your personal data if permitted by law, if you have given your consent, or if we are authorized to provide such information. Under these conditions, recipients of personal data may include legal authorities (such as notaries or courts) or those entities to whom you have given us your consent to disclose your data.

C - Data storage period

Where necessary, we process and store your personal data for the duration of our business relationship, which includes, for example, the initiation and execution of a contract. Furthermore, we are subject to various statutory retention and documentation obligations, the periods stipulated therein can be up to 10 years. In addition, the storage period is also determined by the statutory limitation periods, which are generally three years, but in certain cases can be up to thirty years.

D - Collection of access data and log files

We, or rather our hosting provider, collect data about every access to the server on which this service is located (so-called server log files) based on our legitimate interests. Access data includes the name of the accessed website, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider. Log file information is stored for a maximum of 7 days for security reasons (e.g., to investigate misuse or fraud) and then deleted. Data that needs to be retained for evidentiary purposes is exempt from deletion until the respective incident has been fully resolved.

D1 - Google Analytics

Based on our legitimate interests (i.e., our interest in analyzing, optimizing, and operating our online services economically), we use Google Analytics, a web analytics service provided by Google LLC (Google LLC, Mountain View, CA, USA). Google uses cookies. The information generated by the cookie about users' use of the online services is generally transmitted to and stored on a Google server in the USA.
Google is certified under the Privacy Shield agreement and thus guarantees compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
Google will use this information on our behalf to evaluate users' use of our online services, to compile reports on activity within these online services, and to provide us with other services related to the use of these online services and internet usage. Pseudonymous user profiles may be created from the processed data.
We use Google Analytics only with IP anonymization enabled. This means that Google will shorten the IP address of users within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user's browser will not be merged with other Google data. Users can prevent the storage of cookies by adjusting their browser settings; users can also prevent Google from collecting and processing data generated by the cookie and related to their use of the website by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Further information on data usage by Google, setting and opt-out options can be found in Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
Users' personal data will be deleted or anonymized after 14 months.

D2 - Google Maps

We embed maps from the service “Google Maps” (provider: Google LLC, Mountain View, CA, USA). The data processed may include, in particular, users' IP addresses and location data, which, however, are not collected without their consent (usually obtained through their mobile device settings). The data may be processed in the USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-out: https://adssettings.google.com/authenticated.

D3 - SSL encryption

For security reasons and to protect the transmission of confidential information, such as inquiries you send to us as the website operator, our website uses SSL encryption. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock icon in your browser's address bar. When SSL encryption is activated, the data you transmit to us cannot be read by third parties.

E - Data protection rights

Every data subject has the right to information, the right to rectification, the right to erasure, the right to restriction of processing and the right to data portability (see corresponding articles in GDPR).

F - Right of withdrawal

You have the right to revoke any consent you have given with effect for the future.
You can submit your objection to us informally, either by post or email.

Responsible and in charge for all questions:

Weinberg & Ruf GbR

Represented by the managing directors
Andreas Weinberg and Martin Ruf

Esperanto Street 12
D-70197 Stuttgart

Telephone: 49 (0) 711-70 850 10

Email: info(at)weinberg-ruf.de