WAJE Logo
Burger Menu Icon in WAJE style

Privacy Policy

We take the protection of your personal data very seriously when collecting, processing and using it during your visit to our website and want you to know when we collect which data and how we use it. We have taken technical and organisational measures to ensure that both we and any service providers comply with data protection regulations.

This privacy policy explains the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our website and the associated websites, func-tions and content as well as our external online presences, such as our social media profiles (hereinafter referred to as "online offer").

Responsible persons

The controller for the collection, processing and use of your personal data within the meaning of Art. 4 No. 7 GDPR is

WAJE GmbH & Co. KG

Kanalstraße 7

22085 Hamburg

Tel: +49 40 300699919

E-Mail: mail(at)waje.de

Types of data processed

  • Inventory data (e.g. your name, address)
  • Contact details (e.g. your e-mail address, telephone number)
  • Content data (e.g. your text entries on our site or in e-mails, photographs, videos that you send us)
  • Usage data (e.g. the subpages you have visited, access times)
  • Meta/communication data (e.g. device information, IP addresses)

Categories of affected persons

Visitors and users of the online offer (hereinafter: "users"), customers, interested parties, business partners.

Purpose of the processing

  • Provision of the online offer, its functions and contents
  • Answering contact enquiries and communicating with users
  • Safety measures

Terminology used

  • "Personal data" means any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. cookie) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Article 4(1) GDPR).
  • "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 (2) GDPR).
  • "Profiling" means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements (Article 4(4) GDPR).
  • "Pseudonymisation" means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person (Art. 4 (5) GDPR).
  • "Controller" means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data (Art. 4 (7) GDPR).
  • "Processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Art. 4 (8) GDPR).

Relevant legal bases

Art. 13 GDPR stipulates that we inform you of the legal basis of our data processing. If the legal basis is not expressly stated in the following privacy policy, the following applies:

  • The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR.
  • The legal basis for the processing for the fulfilment of our services and implementation of contractual measures as well as answering enquiries is Art. 6 para. 1 lit. b GDPR.
  • The legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR.
  • The legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR.
  • The legal basis in the event that vital interests of the data subject or another natural person require the processing of personal data is Art. 6 para. 1 lit. d GDPR.

Safety measures

To secure your data, we maintain technical and organisational security measures in ac-cordance with Art. 32 GDPR, which we constantly adapt to the state of the art.

The measures include, in particular, safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data.

We have set up procedures to ensure that data subjects' rights are exercised, data is deleted and we respond to data threats.

We also take into account the protection of personal data through technology design (privacy by design) and data protection-friendly default settings (privacy by default), Art. 25 GDPR.

Your personal data is transmitted in encrypted form. This applies to all communication via our website. We use the SSL (Secure Socket Layer) coding system. However, we would like to point out that data transmission over the Internet, e.g. when communicating by e-mail, may be subject to security vulnerabilities.

Cooperation with processors and third parties

If we disclose data to processors or third parties as part of our processing, transfer it to them or otherwise grant them access to the data, this is done exclusively on the basis of legal permission, e.g. if you have consented, Art. 6 para. 1 lit. a GDPR, the transfer to third parties pursuant to Art. 6 para. 1 lit. b GDPR is necessary for the fulfilment of the contract, a legal obligation provides for this, Art. 6 para. 1 lit. c GDPR, or on the basis of our legitimate interests, Art. 6 para. 1 lit. f GDPR.

In the case of processors, the transfer takes place on the basis of the data processing agreement concluded with the processor in accordance with Art. 28 GDPR.

Transmission to third countries

Data will only be transferred to a third country, e.g. when using third-party services, if this is done to fulfil our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests in accordance with the aforementioned legal bases. Subject to other legal or contractual authorisations, we only process or have the data processed in a third country if the special requirements of Art. 44 et seq. GDPR (e.g. on the basis of special guarantees, such as the officially recognised determinati-on of a level of data protection corresponding to the EU (so-called "adequacy decision") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses")).

Rights of the data subjects

  • Right to confirmation and information: In accordance with Art. 15 GDPR, you have the right to obtain confirmation from us as to whether personal data concerning you is being processed. If this is the case, you have the right to request information from us free of charge about the personal data stored about you together with a copy of this data.
  • Right to rectification: In accordance with Art. 16 GDPR, you have the right to obtain from us the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to request the completion of incomplete personal data.
  • Right to erasure: In accordance with Art. 17 GDPR, you have the right to demand that personal data concerning you be erased immediately.
  • Right to restriction of processing: Under the conditions of Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.
  • Right to data portability: In accordance with Art. 20 GDPR, you have the right to request to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and to request its transmission to another controller, insofar as this is technically feasible.
  • Right to withdraw consent: In accordance with Art. 7 (3) GDPR, you have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
  • Right to object: In accordance with Art. 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(e) or (f) GDPR.

You can assert the aforementioned rights at any time against the above-mentioned controller or the above-mentioned data protection officer.

  • Right to lodge a complaint with a supervisory authority: In accordance with Art. 77 GDPR, you have the right to lodge a complaint with the competent supervisory authority.

Deletion of data

Unless expressly stated otherwise, the data stored by us will be deleted in accordance with Art. 17 GDPR as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations.

If the data is not deleted because it is required for other and legally permissible purposes, its processing is restricted in accordance with Art. 18 GDPR, i.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons. According to legal requirements in Germany, the storage takes place in particular for 10 years in accordance with §§ 147 para. 1 no. 1, 4 and 4a, para. 3 AO, 257 para. 1 no. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with §§ 147 para. 1 no. 2, 3 and 5, para. 3 AO, 257 para. 1 no. 2 and 3, para. 4 HGB (commercial letters).

Operation of the website and access to the website

The hosting services we utilise from our hosting provider serve to provide the following services: Infrastructure and platform services, computing capacity, storage space and database services, security services and technical maintenance services that we use for the purpose of operating the website.

We, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties and visitors to this online offer on the basis of our legitimate interests in the efficient and secure provision of this online offer in accordance with Art. 6 para. 1 sentence 1 f) GDPR in conjunction with Art. 28 GDPR. Art. 28 GDPR.

We, or our hosting provider, also process access data. These include

  • Name and URL of the retrieved file
  • Date and time of retrieval
  • Amount of data transferred
  • Message about successful retrieval (HTTP response code)
  • Browser type and browser version
  • Operating system
  • Referer URL (i.e. the previously visited page)
  • Websites that are accessed by the user's system via our website
  • Internet service provider of the user
  • IP address and the requesting provider

We use this log data without assigning it to you personally or otherwise creating a profile for statistical evaluations for the purpose of the operation, security and optimisation of our online offering, but also to anonymously record the number of visitors to our website and the extent and type of use of our website and services. Based on this information, we can provide personalised and location-based content and analyse data traffic, search for and rectify errors and improve our services.

This is also our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR.

We reserve the right to check the log data retrospectively if there is a justified suspicion of unlawful use based on concrete evidence. We store IP addresses in the log files for a limited period of time if this is necessary for security purposes. We also store IP addresses if we have a concrete suspicion of a criminal offence in connection with the use of our website.

Contact us

When contacting us (e.g. by email, telephone or via social media), the user's details are pro-cessed to process the contact enquiry and its handling in accordance with Art. 6 para. 1 lit. b) GDPR. In answering your enquiry, we also have a legitimate interest in processing your transmitted data in accordance with Art. 6 para. 1 lit. f) GDPR.

We delete the requests if they are no longer necessary. We review the necessity on a regular basis, at the latest every two years. Furthermore, the statutory archiving obligations apply.

Amendment of this data protection notice

We will revise this privacy policy in the event of changes to our website or other occasions that make this necessary. You will always find the current version on our website.

Status of the privacy policy: 09.10.2024.