Data protection: How personal data is processed at WBS (pursuant to Article 13 DSGVO)

The WBS GRUPPE (WBS), which includes WBS TRAINING AG, WBS TRAINING SCHULEN gGmbH and app2job GmbH, is pleased to be able to offer the following basic information about data protection and how your personal data is handled.

Table of Contents

1. Data controller as defined by data protection law; contact

The data controller as defined by data protection law is the relevant WBS GROUP company as described in Sections 1.1 to 1.3.

You can reach our data protection officer using the following contact details:
DataCo GmbH
Dachauer Str. 65
80335 Munich
Germany
+49 (0)228 89 7400 45840
datenschutz@dataguard.de
www.dataguard.de

1.1. WBS TRAINING AG

The data controller pursuant to Article 4 Paragraph 7 of the EU General Data Protection Regulation (GDPR) is WBS TRAINING AG, Lorenzweg 5, 12099 Berlin, Germany; telephone: +49 (0)30 695450400; kontakt@wbstraining.de 

This data controller is responsible for the following websites:

1.2. WBS TRAINING SCHULEN gGmbH

The data controller pursuant to Article 4 Paragraph 7 GDPR is WBS TRAINING SCHULEN gGmbH, Lorenzweg 5, 12099 Berlin, Germany; telephone: +49 (0)30 695450400, kontakt@wbs-schulen.de.

This data controller is responsible for the following websites:

1.3. App2job GmbH

The data controller pursuant to Article 4 Paragraph 7 GDPR is app2job GmbH, Weiskopffstrasse 16/17, 12459 Berlin, Germany; telephone: +49 (0)30 695450424; beratung@app2job.de

2. Data we collect, purpose for collection

2.1. As a prospective customer or participant/student using our educational products

Please note: Information on in-house events run by WBS ACADEMY is available in Section 2.3.

When you contact us using the contact options provided on the website, by email or by visiting one of our WBS locations, we collect various personal data, depending on whether you are receiving a consultation or are concluding a contract with us:

If you book an educational course, training, continuing education course or coaching session with us, we collect and process the data that is necessary to execute the contract. The scope of the data depends on the product and on your funding situation. The types of data that may be involved are described below. The precise scope will depend on the form used and your particular circumstances. If you contact us as a prospective student, we collect much of this data in the course of initiating a contract. The legal basis for the processing of data in this case is Article 6 Paragraph 1(b) GDPR. Unfortunately, we are unable to proceed with your consultancy appointment if you do not provide the required data. Additional information is provided on a voluntary basis and will be processed based on your consent.

2.1.1. We collect the following data from you directly:

  • Personal data and contact details. We use a specialist service provider to administer our appointment booking system. We have concluded a data processing agreement with them.
  • Professional/CV data and data regarding qualifications (e.g. educational qualifications)
  • Details about the profession, traineeship or workplace being pursued
  • Details regarding financing and, if applicable, your source of funding
  • In special cases, certificate of health or good conduct, where applicable
  • Documentation for a disability if intending to request special leave
  • If applicable, details regarding mobility and willingness to travel
  • In special cases, details regarding impairments relevant to the labour market and the degree of disability
  • Your account details, should we apply to your funding source for travel expenses on your behalf
  • From integration course participants, we also over require details regarding residence status and country of origin
  • If you would like to participate from home, we collect data relating to the quality of your internet connection
  • If you have provided your contact details as a prospective student, we use this data to contact you regarding the initiation of a contract, e.g. to arrange a consultancy appointment, to send you offers that correspond with your stated qualification goals, to remind you of agreed appointments, or for queries regarding quotes issued.
  • Data generated in the course of executing the contract, e.g. examination results, dates of attendance and absence and reasons for absence, meeting minutes. Our websites wbstraining.de and www.wbs-schulen.de provide the option for you to send notification of absence online. The data you send in the process of notifying us of an absence is stored with your contractual data.
  • Information about an employment relationship that has been entered into in the meantime upon completion of your qualification for quality control as contractually agreed. It is very important to WBS that your qualification brings you success. If you are a participant of a state-subsidised programme, we are required to inform the funding source of this pursuant to Sections 183 and 318 of the German Social Code, Book III (Sozialgesetzbuch Drittes Buch [SGB III]) and Section 2 Paragraph 2 of the German Accreditation and Licensing Ordinance on Employment Promotion (Akkreditierungs- und Zulassungsverordnung Arbeitsförderung [AZAV]). To that end, we will contact you once you complete said programme. The legal basis for processing is Article 6 Paragraph 1(c) GDPR in conjunction with the provisions mentioned above under German law.
  • We use your contact data in connection with the products you book through our company to invite you to company presentations by potential employers, and to register you for our email-based self-study course as part of WBS job mentoring. We do this to offer you the best possible support in finding suitable employment and thereby to increase the success of our qualifications. Please inform us if you do not wish to be contacted for this purpose.
  • To further improve our consultancy services, conversations with the central Service Hotline may be recorded or another person may listen in on those conversations in isolated cases. Before beginning the conversation, you are given the opportunity to decide whether you agree to this. If you request that these measures not be taken, the conversation will not be recorded, nor will anyone listen in. The legal basis is Article 6 Paragraph 1(f) GDPR. Because we consider the quality of our consulting services crucial to the subsequent success of our qualifications, our legitimate interest takes precedence here.

2.1.2. We collect the following data from third parties

Depending on whether other partners are involved in your qualification course, we collect the following data so we are able to provide our contractually agreed services (Article 6 Paragraph 1(b) GDPR):

  • We obtain details regarding the status of your registration, process organisation and examination results from the competent professional chamber or practice.
  • We obtain your examination results from certification partners.
  • We obtain details relating to the progress of your internship or practical training (e.g. progress, effort, absences) from your internship or cooperation company.
  • If you receive benefits for participation, we obtain medical findings and reports from your occupational rehabilitation institution, such as Deutsche Rentenversicherung, your accident insurance provider or the rehabilitation department of the German Employment Agency and the job centre for persons with disabilities, where applicable.
  • If you attend an integration course or a DeuFöV (German Language Ordinance) German language course, we obtain details from the German Federal Office for Migration and Refugees (BAMF) regarding your identity, suitability and eligibility for funding. If you switch courses, we obtain the data from your previous course provider.

If you have contacted us through our partner app2Job, we obtain the data collected there about you (Article 6 Paragraph 1(f) GDPR).

It may also be necessary for personal data to be exchanged between WBS TRAINING AG, WBS TRAINING SCHULEN gGmbH and app2Job GmbH for the purpose of processing your query.

2.1.3. We send the following data to third parties

We inform your funding source regarding the progress of your participation and about any special events. Only data necessary for both parties to complete their tasks is sent (e.g. contractual documents, dates of absence, certificates of incapacity to work, certificates, participation reports, information on conduct and performance relevant to the measure’s objective or incorporation). We are bound to comply with this requirement by Sections 81, 183 and 318 SGB III. The legal basis is Article 6 Paragraph 1(c) GDPR in conjunction with the provisions mentioned above under German law. If special categories of personal data are involved when sending data, this is on the basis of Article 9 Paragraph 2(b) GDPR in conjunction with the provisions mentioned above under German law. If you receive benefits for participation, interim and final reports and, where applicable, psychological fitness reports are also sent. In the event of special leave due to disability, we store a copy of the documentation you provide regarding your disability and send this information to your source of funding.

Only the data necessary for the course/coaching is sent to freelance trainers/coaches hired to conduct your qualification course or coaching.

To access digital learning tools, it may be necessary to send the personal data we require for registration to the relevant publishers. These providers have been verified in terms of their compliance with German and European data protection laws.

As part of quality controls conducted by outside certifiers (including DQS) or the audit service of the German Federal Employment Agency, your data is sent to the auditing organisation, if applicable.

Depending on whether other partners are also involved in your qualification course, we send the data necessary for the task in question (pursuant to Article 6 Paragraph 1(b) GDPR) to the following partners, where applicable, for the purpose of executing the contract:

  • Professional chambers (e.g. Chamber of Industry and Commerce (IHK), Chamber of Handicrafts (HWK))
  • Certification partners (e.g. SAP, DEKRA, Microsoft, LCCI, TELC)
  • Internship and cooperation companies
  • If you switch to another provider, we send them all the necessary data (only applies to those attending integration courses)
  • As a participant of qualification courses generally involving the use of Microsoft tools (e.g. Microsoft Cloud, Azure Dev Tools), your first name and surname are used to assign you a Microsoft email address.
  • Educational authorities
  • School administration offices
  • State statistical offices
  • German Federal Education and Training Assistance Act (BAföG) office
  • For Saxony, Sächsische Aufbaubank

Disclosure to potential employers:

If you have explicitly consented, we use data regarding your suitability (CV, qualifications booked) to compare with enquiries from potential employers and, if applicable, to send this data to the company making the enquiry.

2.1.4. Erasure of your data

We store your personal data as long as it is required to meet our statutory and contractual obligations.

If it is no longer necessary to store your data to meet our contractual or statutory obligations, your data will be erased unless further processing is necessary to fulfil retention obligations or protect our legitimate interests.

2.2. Marketing

Our websites offer you the option to subscribe to our newsletter. We use what is known as a double-opt-in procedure when you subscribe to our newsletter. This means that when you subscribe, we send a confirmation email to the email address you provided asking you to confirm that you want to subscribe. If you do not confirm your registration within 30 days, your information is automatically erased. In order to document and verify a specific newsletter subscription, we store the data transmitted when subscribing to the newsletter, including the source IP address, a time stamp and the IP address of the receiving server. We also record the activation of the confirmation link, including the source IP address, a time stamp and the IP address of the receiving server. The legal basis is our legitimate interest (Article 6 Paragraph 1(f) GDPR) in proper record keeping.

If you have granted us your consent to receiving marketing communications, we store your email address for the purpose of sending you this information. The legal basis is Article 6 Paragraph 1(a) GDPR. You may revoke your consent at any time. You can revoke your consent by clicking on the link provided in each newsletter email or by sending an email to datenschutz@wbstraining.de. Revoking your consent does not affect the legality of the processing carried out before your consent was revoked.

In addition to your consent, we process your email address for the purpose of marketing similar proprietary products and related customer satisfaction surveys, provided you are an existing customer. The legal basis is Article 6 Paragraph 1(f) GDPR in conjunction with Section 7 Paragraph 3 of the German Act Against Unfair Practices (Gesetz gegen den unlauteren Wettbewerb [UWG]). Informing our existing customers about new products and services offered is a legitimate interest. You are entitled to object to this at any time, free of charge. Simply send an email to datenschutz@wbstraining.de.

We would also like to facilitate independent quality checks by institutes. As such, we may hire other companies to conduct customer surveys, so you might be contacted by a company other than WBS. We conclude contracts for data processing with these companies in compliance with the provisions of the GDPR.

We generally retain data that is required for processing for marketing purposes until you revoke your consent or object to this type of use. Except where you revoke your consent or object to processing, there is no set rule regarding the retention period for data used for marketing purposes. Instead, the retention period depends on whether it is necessary for us to store that data to contact you on a marketing basis. Once you revoke your consent or object to processing, we continue to store the required information for a reasonable period of time on the basis of Article 6 Paragraph 1(f) GDPR. Being able to provide evidence and furnish proof should we need to is a legitimate interest under the provision mentioned above.

Contact details subject to an objection to processing will continue to be stored in a blocked form on a marketing blacklist. By doing so, we can ensure that you do not receive any further marketing material from us, either by post or by electronic mail. The legal basis is Article 6 Paragraph 1(f) GDPR. Your desire not to receive any further marketing communications in future constitutes a legitimate interest under the provision mentioned above. If you do not agree to this, please do let us know. We will then permanently erase your data. However, in this case, we will no longer be able to fully ensure that you will not receive any marketing communications from us in future.

2.3. As a participant at an in-house event

Depending on the product and depending on the agreement in place with your employer, we collect the following data when you attend an in-house event. In general, some of this data is collected by your employer.

  • Your name and contact details so we can contact you during your enrolment
  • Data about your job title or position in your organisation, if necessary to carry out/organise the training
  • Data on your source of funding if you are in receipt of funding and if we need to verify your identity by matching this information to your records
  • Depending on the content of the event(s), additional personal data may be collected to ensure the content is appropriately presented (e.g. biographical information for application coaching)
  • Dates of attendance and absence
  • For online training, data about the quality of your internet connection is also collected

 

The purpose of processing is to fulfil contractual obligations. The legal basis for the processing of data in this case is Article 6 Paragraph 1(b) GDPR.

Depending on the agreement with your employer, we send your dates of attendance and absence, results of training sessions and recordings of events to your employer, if applicable, provided this is necessary to fulfil the contract.

 

We store your personal data as long as it is required to meet our statutory and contractual obligations.

If it is no longer necessary to store your data to meet our contractual or statutory obligations, your data will be erased unless further processing is necessary to fulfil retention obligations or protect our legitimate interests.

2.4. As the contact person for a company/organisation

If you are the contact person for your organisation and you contact WBS (e.g. as a corporate client, partner or supplier), we collect the following data:

  • Name and contact details
  • Employer and, if applicable, your position in your organisation

 

The purpose of processing is to fulfil contractual obligations. The legal basis for processing is therefore Article 6 Paragraph 1(b) GDPR.

We store your personal data as long as it is required to meet our statutory and contractual obligations.

If it is no longer necessary to store your data to meet our contractual or statutory obligations, your data will be erased unless further processing is necessary to fulfil retention obligations or protect our legitimate interests.

2.5. As a participant/as part of the “Refer a friend” programme

If you use the “Refer a friend” programme as a participant or graduate of a continuing education course at WBS Training, the terms and conditions of participation set out on the website apply. Details can be found on our website at https://www.wbstraining.de/freunde-werben/. To be able to verify compliance with the terms and conditions of participation, we need to process personal data from both you and the person to whom you have provided the referral. We only collect the data listed on the programme form, which can be accessed through the above website. Required information is marked with an *.

Referrer

If you wish to take part in the “Refer a friend” programme as a referrer, we need your first name, surname, email address, course title and WBS location. We process this data to operate the referral programme, specifically to verify your eligibility to participate and to send you your reward when a referral is successful. Data is therefore processed on the basis of Article 6 Paragraph 1(b) GDPR.

Referral customer

If you have received a referral as part of the referral programme, this means we have received your personal data (name, surname, email address) from the referrer for the purpose of contacting you and extending you an offer. In line with our terms and conditions of participation, the referrer is required to obtain your consent to data processing in advance and confirm that they have done so. Your personal data is processed on the basis of Article 6 Paragraph 1(f) GDPR. Processing in this case is in our legitimate interest since it is the only way to grant the reward and no conflicting interests are apparent.

If you would like to prematurely end your participation in the “Refer a friend” programme, please inform us this by sending an email to freundewerben@wbstraining.de. We then erase the data stored for the purpose of the “Refer a friend” programme.

2.6. When using our website for informational purposes

When using our website purely for informational purposes, i.e. if you do not register or otherwise send us information, we only collect the data your browser transmits to our server, including any personal data that includes. When you view our website, we collect the following data, which we require for technical reasons for the proper display of our website and to ensure its stability and security:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Amount of data transmitted in each case
  • Website where the request initiates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software   

If the data processed is personal data, the legal basis for processing is Article 6 Paragraph 1(f) GDPR. Under the above provision, our legitimate interest here is in making our website technically available and securing it.

We also use cookies, tracking tools, targeting methods and social media plugins on our website. The specific methods used and how we use your data in the process are explained in greater detail in Section 5 below.

The data collected is stored for a period of six (6) months, after which it is automatically erased. For information on routine erasure and the tools used, please see the relevant paragraphs in Section 5.

2.7. Comment feature on www.hallokarriere.com

Our website www.hallokarriere.com offers a comment feature. By using this feature, in addition to your comment, we process your IP address, the name you specify and your email address. The legal basis of this is your consent, which you may revoke at any time, pursuant to Article 6 Paragraph 1(a) GDPR. There is no rigid erasure deadline for comments published there. In general, a comment is only erased if the article to which the comment refers is no longer available or if you revoke your consent to your comments being published. In addition, we reserve the right to immediately erase comments with any unlawful, offensive or abusive content. Revoking your consent does not affect the lawfulness of the processing carried out before your consent was revoked.

2.8. As an applicant for a job at WBS or as a freelance trainer

Our website www.wbs-gruppe.de gives you the option to apply for a job at WBS online. In addition to the information provided as part of the application form, we also collect information about your educational background and professional career during the application process. Any documents sent with the application (covering letter, CV, transcripts, letters of reference and other documentation) and the information those documents contain are stored. Applicants’ personal data may only be processed for the purpose of the application process if necessary to decide whether to enter into an employment relationship with us.

The legal basis for processing your application data is primarily Article 6 Paragraph 1(b) GDPR and Article 88 GDPR, in conjunction with Section 26 Paragraph 1 BDSG. In this case, you provide us with your data as part of a pre-contractual measure. Otherwise, we would be unable to make a decision on your application. We process what are known as special categories of personal data, in particular data related to health, to the extent necessary on the basis of Article 9 Paragraph 2 GDPR in conjunction with Section 26 Paragraph 3 BDSG.  We have a legitimate interest in processing data for documentation purposes in order to mount a defence against legal claims brought under the German Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz [AGG]).

We store your personal data as long as it is required to meet our statutory and contractual obligations.

If it is no longer necessary to store your data to meet our contractual or statutory obligations, your data will be erased unless further processing is necessary to fulfil retention obligations or protect our legitimate interests.

If you do not consent to your application being stored for a longer period, your profile and your personal data will be erased automatically, normally no more than six (6) months after receiving your application.

If you have applied for a specific job vacancy and we decide we would like to keep your personal data for future job openings, we will always request your prior consent before doing so.

3. Data processor and third-party service providers

We sometimes use third-party service providers to process your data. These third parties may have access to personal data, provided this is necessary to complete their tasks. In terms of contracted data processing as stipulated in Article 28 GDPR, we ensure that these providers are similarly bound by the provisions of data protection laws. If service providers are data controllers as defined by the GDPR, they are bound by a duty of confidentiality and must comply with the statutory data protection regulations. Please also take note of the privacy notices for each service provider (see Section 5). The service provider in each case is responsible for the content of third-party services, whereas we verify that their services are in compliance with the statutory requirements to a reasonable extent. 

It is important to us that your data be processed within the EU/EEA. However, we may use service providers that process data outside of the EU/EEA. In these cases, we ensure that the recipient has an adequate level of data protection in place before transmitting your personal data. This means that we are able to achieve a level of data protection commensurate with EU standards through what are known as EU standard contractual clauses or an adequacy decision by the EU Commission. Specific guarantees are explained with each procedure.

3.1. Use of Microsoft 365

To conduct calls, meetings, video conferences, training sessions and coaching, we use Microsoft Teams and other services included in the Microsoft 365 Suite, a product of Microsoft Corp., USA, on the basis of Article 6 Paragraph 1(b) (performance of a contract) and Article 6 Paragraph 1(f) GDPR. Being able to ensure these events are conducted properly, even in situations where participant attendance cannot be fully guaranteed, is a legitimate interest as defined by Article 6 Paragraph 1(f) GDPR. We have concluded a data processing agreement with Microsoft. Where data is sent to third countries in connection with the use of Microsoft 365, this is done on the basis of EU standard contractual clauses. These are available here https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087. For more information about data protection at Microsoft Teams, please visit: https://docs.microsoft.com/en-us/microsoftteams/teams-privacy. In all other respects, the WBS Group Terms of Use apply to the use of Microsoft 365.

4. Your rights

4.1. Right to revoke consent

If data processing is carried out on the basis of your consent, you may revoke your consent to your data being processed at any time with future effect without incurring any detrimental consequences. This does not affect the lawfulness of any data processing that was carried out before you revoked your consent. If you revoke your consent, all your data will be physically erased so that it is unrecoverable once we have received notice that you are exercising your right of revocation, provided this data is no longer required as verification of lawful processing.

Please notify us that you would like to revoke your consent by sending an email to the following address: datenschutz@wbstraining.de.

 

4.2. Right to object in the event of data processing on the basis of a legitimate or public interest

Under Article 21 Paragraph 1 GDPR, you have the right to lodge an objection to the processing of personal data relating to you for reasons relating to your particular situation where this is done on the basis of Article 6 Paragraph 1(e) (data processing in the public interest) or (f) (data processing to safeguard a legitimate interest) GDPR. This also applies to any profiling based on this provision. Please submit your objection to datenschutz@wbstraining.de.

4.3. Right to conduct direct marketing in the event of data processing

If we process your personal data in order to engage in direct marketing, you have the right under Article 21 Paragraph 2 GDPR to lodge an objection against the processing of the personal data relating to you for the purpose of such marketing at any time. This also applies to profiling where this is connected to this kind of direct marketing. Please submit your objection to datenschutz@wbstraining.de.

4.4. Other rights

You are further entitled to exercise the following rights, provided the legal requirements are met in each case. To exercise your rights as a data subject, simply send a message to datenschutz@wbstraining.de or one of the other contact addresses listed in Section 1:

  • Right to information about your personal data stored with us in accordance with Article 15 GDPR; in particular, you are entitled to access information on the purpose of the processing, categories of personal data, categories of recipients to whom personal data have been disclosed or are to be disclosed, the planned storage period, and the origin of your data, provided this data was not collected from you directly;
  • Right to rectification of incorrect or incomplete data pursuant to Article 16 GDPR;
  • Right to erasure of the data we have stored on you pursuant to Article 17 GDPR unless we are required to comply with any legal or contractual retention period or other legal requirements or rights regarding further storage;
  • Right to restriction of the processing of your personal data pursuant to Article 18 GDPR where the accuracy of the data is contested by you, its processing is unlawful, but you object to its erasure; the data controller no longer needs the data but you need it to assert claims, or exercise or defend claims, or you have lodged an objection against this data being processed pursuant to Article 21 GDPR;
  • Right to data portability pursuant to Article 20 GDPR, i.e. the right to receive the data we have stored about you in a commonly used, machine-readable format, or to request that this data be sent to another data controller;
  • Right to lodge a complaint with a supervisory authority. In general, you may contact the supervisory authority in your usual place of work or residence or in the location of our company headquarters for this purpose.

5. Information on technology used

The following web-based technology is generally used on the WBS Group’s websites. You can find out which technology is actually being used by looking at the overview of cookie consents on the website in question.

5.1. Cookies and tracking – General information

When using our website, cookies are stored on the user’s device and other similar tracking technologies are used. Cookies are small data records in a database maintained by your browser or text files your browser generates automatically and are stored on your device (laptop, tablet, smartphone, etc.), They provide certain information to the organisation that sets the cookies (in this case, us). For the sake of readability, other tracking technologies that work similarly to cookies and whose functionality is explained in the sections below are also referred to as cookies. Cookies do not harm your device and do not contain viruses, Trojan horses or other malware. They serve to make our online services more user-friendly and effective overall.

This website uses the following types of cookies and tracking, the scope and functionality of which are explained below:

5.1.1. Transient cookies, session cookies

These cookies are erased automatically when you close your browser or log out. These cookies store what is known as a session ID. This allows us to assign various requests from your browser to a common session. This enables us to recognise your computer if you return to our website.

5.1.2. Persistent cookies

Persistent cookies are automatically erased after a given amount of time, which may differ depending on the cookie. You can erase these cookies at any time by adjusting your browser’s privacy settings.

5.1.3. Flash cookies, local shared objects

Flash cookies are set by the Adobe Flash plugin, which is installed in your browser. These objects store the necessary data, regardless of the browser you use, which means the data can be used across different browsers. They have no automatic expiry date. Depending on your browser, Flash cookies can be managed (e.g. erased) like other cookies, or they may not be visible in your browser’s cookie management system. If you do not want any Flash cookie processing to be carried out, adjust your Flash Player settings to prevent this or install a relevant add-on to your browser.

5.1.4. Web storage, DOM storage

Web storage is used to store data in your browser for the purposes listed below. There are two main types of storage: Local storage for persistent data (with no expiry date) and session storage for session data (which is erased once the browser window is closed). You can erase this data by adjusting your browser’s developer options.

5.1.5. Tracking pixels, pixel trackers

This method typically involves running a tracking script on the website, which requests a tracking pixel from the web analytics tool provider. Information for the purposes listed below is also sent and, where applicable, a cookie for the web analytics tool provider is set. If there is an existing cookie, this information is added to the information in the cookie. You can remove these cookies as explained above.

5.1.6. Further information about cookies

The necessary or essential cookies listed later in this text allow us to store the connection status of your account and to adjust the website to tailor it to your device. For example, they enable you to have direct access to personal and protected zones on our website with a user name or data you have previously entered. The data processed by these cookies is necessary for the purposes stated in order to safeguard our legitimate interests as well as those of third parties in line with Article 6 Paragraph 1(f) GDPR.

The analytical cookies listed help us to optimise our website to make it more convenient for you to use. For example, we use session cookies to recognise that you have already visited specific pages on our website. These cookies store what is known as a session ID. This allows us to assign various requests from your browser to a common session. This enables us to recognise your computer if you return to our website.

We also use cookies to record the use of our website for statistical reasons and evaluate it for the purpose of optimising our products and services for you. These cookies allow us to automatically recognise that you have already visited our website on a previous occasion when you visit our website again. We also use the cookies to be able to identify you for follow-up visits if you have an account with us. Otherwise, you will need to log in again each time you visit our website.

We can also use cookies to store your preferences. This allows us or third-party providers running features on our website to store your settings on our website or individual features. When you later return to our website, your previous settings are restored.

We aim to use these tracking measures to continuously optimise the design of our website to suit your needs. We also use these tracking measures to record the use of our website for statistical purposes. We also use the data to optimise advertising content. The purposes for data processing and the categories of data being processed can be found in the description of each tracking tool and the overview of cookie consents.

Data processing in connection with the setting of analytical, statistical or preference cookies and tracking cookies is conducted on the basis of your consent (Article 6 Paragraph 1(a) GDPR). More information is available in the relevant sections covering web analytics tools in this Privacy Notice.

5.1.7. Overview of cookie consents

5.2. CleverReach

We usually send our personalised newsletter by using newsletter provider CleverReach by CleverReach GmbH & Co. KG, Mühlenstr. 43, 2618 Rastede, Germany (“CleverReach”). CleverReach is a member of the Certified Senders Alliance, which has set out its own internal guidelines for admissible email marketing. We have concluded a data processing agreement with CleverReach as per Article 28 GDPR.

We use CleverReach to measure and analyse responses to our newsletter. We have configured CleverReach such that data can only be analysed on an anonymous and aggregated basis. These settings also prevent cookies and your full IP address from being collected and processed. We also embed the Google Analytics tool in the newsletter so we can analyse the correlation between the newsletter and the purchase of a product. This is done by attaching the appropriate parameters to all links in the newsletter. If you click the link, we place a small text file (cookie) on your computer. This allows us to pinpoint the newsletter as the starting point for your visit to our website. If you order a product within 14 days, this information is displayed to us.

CleverReach can embed Twitter, Facebook, LinkedIn and Xing social media buttons in the newsletter on our behalf. Clicking on one of these buttons establishes a direct connection to the button provider’s servers.

More information about data protection at CleverReach is available in its Privacy Policy.

5.3. Mouseflow

This website uses Mouseflow, a web analytics tool operated by Mouseflow ApS, Flaesketorvet 68, 1711 Copenhagen, Denmark, to record individual visits selected at random (and only with an anonymised IP address) on the basis of your consent pursuant to Article 6 Paragraph 1(a) GDPR. It generates a log of mouse movements, mouse clicks and keyboard interaction with a view to replaying individual visits to this website based on random samples, known as session replays, and to evaluate these session replays using heat maps to develop website optimisation potential. Mouseflow also hosts multiple choice surveys to record user satisfaction with the website or specific content. The conducting of these surveys and survey participation are also recorded in the cookie. The cookie generated by Mouseflow is erased after a period of 90 days.

The data recorded by Mouseflow is not personal data. In particular, Mouseflow only processes your IP address in an anonymised form. The information is stored for a period of three (3) months and is not disclosed to third parties. The data collected is stored and processed within the EU. If you do not want Mouseflow to record your data, in addition to revoking your consent, you can object to this on any website that uses Mouseflow by visiting the following link: https://mouseflow.com/opt-out/.

5.4. Hubspot

We use tools provided by Hubspot, Inc., 25 First Street, Cambridge, MA 02141 USA, and its affiliated companies (collectively referred to as “Hubspot”) on our websites to send our newsletter, receive queries through our website, and operate landing pages. These tools use cookies on our website to collect the following personal data when you use the website:

  • First name and surname
  • Email address
  • Address
  • Telephone number

If individual HubSpot features place cookies on your device, this is done on the basis of your consent pursuant to Article 6 Paragraph 1 Sentence 1(a) GDPR. Data is processed in the US or Ireland. HubSpot processes data on our behalf. We have concluded a data processing agreement with HubSpot. This agreement serves to ensure that HubSpot processes the data in compliance with the EU General Data Protection Regulation and to guarantee the rights of data subjects. HubSpot does not use customer data to contact you itself unless you arrange for this to happen or otherwise permit it. More information about data processing at HubSpot is available here: https://legal.hubspot.com/product-privacy-policy
You may revoke your consent at any time with future effect. Revoking your consent does not affect the lawfulness of the processing carried out before your consent was revoked.

5.5. Google Tag Manager

This website uses the Google Tag Manager tool (“GTM”), operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use GTM to manage the tools we are informing you about in this Privacy Notice. For details regarding these tools, please refer to the information about the specific tool.

GTM is embedded using a script and a variant for systems with JavaScript disabled. It is loaded from the domain googletagmanager.com. It loads tools from Google or third-party providers, which in turn may collect data or load cookies (see the cookie declaration in this Privacy Notice). GTM itself does not access this data.

More information about GTM is available in the terms of use for this product.

5.6. Google Analytics

Our website uses Google Analytics, a web analytics service operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). In this context, pseudonymised usage profiles are compiled and cookies are used. The information generated by cookies about your use of this website, such as the:

  • browser type/version;
  • operating system used;
  • referrer URL (the page visited prior to visiting our website);
  • host name of the accessing computer (IP address); or
  • time of the server request,

is transferred to a Google server in the US and stored there. We have concluded a data processing agreement with Google for the use of Google Analytics. This agreement serves to ensure that Google processes the data in compliance with the EU General Data Protection Regulation and to guarantee the rights of data subjects.

This information is used to evaluate your use of this website, to compile reports on the website activities, and to perform further services linked to website and internet use for market research purposes and to tailor the design of this website.

Google may also disclose this information to third parties if this is legally required or if third parties process this data on behalf of Google. Under no circumstances will your IP address be associated with any other data held by Google. IP addresses are anonymised so that it is not possible to attribute them to individuals (known as IP masking).

More information about data protection at Google Analytics can be found in the help section of Google Analytics, available here.

5.7. Google Marketing Platform

Our website uses the Google Marketing Platform’s (“GMP”) online marketing tools, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). GMP uses cookies to deliver ads that are relevant to users, to improve campaign performance reports, or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown on which browser, enabling them to prevent ads from being shown more than once. GMP can also use cookie IDs to track conversions related to ad requests, for example when a user sees a Google marketing network ad and later uses the same browser to visit the advertiser’s website and make a purchase. According to Google, these cookies do not contain any personal information.

Due to the marketing tools used, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google by our use of this tool. As of the date this Privacy Notice was published, to our knowledge the following is correct: Embedding GMP allows Google to receive data on the information you have accessed, the relevant part of our website you accessed, or that you clicked on one of our ads. If you are registered with a service hosted by Google, Google can attribute your visit to your account. Even if you are not registered with Google or are not logged in, it is possible for the provider to find out your IP address and store it.

You can prevent participation in this tracking as follows: 

by disabling interest-based ads from providers that are part of the self-governing About Ads campaign via the link https://optout.aboutads.info/. These settings are reset when you erase your cookies.

5.8. Google Ads Conversion Tracking

Our website uses Google Ads Conversion Tracking, operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), to record the use of our website for statistical reasons and evaluate it for the purpose of optimising our products and services for you. Google Ads sets a cookie on your computer if you are directed to our website via a Google ad.

These cookies cease to be valid after 30 days. If a user visits specific pages of the Ads customer’s website and the cookie remains active, the cookie allows Google and the customer to recognise that the user clicked on the advertisement and was directed to this website.

The information generated by cookies about your use of this website is transferred to a Google server in the US and stored there. We have concluded a data processing agreement with Google for the use of Google Ads. This agreement serves to ensure that Google processes the data in compliance with the EU General Data Protection Regulation and to guarantee the rights of data subjects.

Each Ads customer receives a different cookie. This means that cookies cannot be tracked across different Ads customers’ websites. The information collected using the conversion cookie serves to create conversion statistics for Ads customers that have opted to use conversion tracking. This enables Google to determine the total number of users who have clicked on our ad and were directed to a website equipped with a conversion tracking tag. However, we do not receive any information that can be used to personally identify users.

You can find Google’s privacy policy for conversion tracking here.

5.9. YouTube

Our website uses services provided by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to embed videos on the website. You may need to click a button on the playback screen and accept cookies to play the video. If you press play on a video on the website, your IP address is sent to YouTube and cookies are installed on your computer before the video is actually played. However, we have embedded our YouTube videos with enhanced privacy mode (in this case, YouTube still contacts the Google Marketing Platform service, but according to Google’s privacy policy, personal data is not analysed in this process). As a result, YouTube no longer stores information about visitors unless they watch the video. When you click on the video, your IP address is sent to YouTube and YouTube recognises that you have watched the video. If you are logged in to YouTube, this information is also linked to your user account (you can prevent this by logging out of YouTube before viewing the video). 

We have no knowledge or influence on the possible collection and use of your data by YouTube at that point. For more detailed information, please refer to YouTube’s privacy policy at https://policies.google.com/privacy. In addition, please refer to our general description in this Privacy Notice with respect to the general handling of cookies and disabling them. 

5.10. Facebook

5.10.1. Custom Audiences

If you consent to this in advance, we use the Custom Audiences remarketing feature offered by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook Ireland”) on our websites. This feature allows us to direct targeted advertising at website visitors by placing personalised, interest-based Facebook ads tailored to visitors of the website when you visit the Facebook social network. To make use of the various features available, we have agreed terms and conditions with Facebook as part of a data processing agreement as per Article 28 GDPR. In this agreement, Facebook affirms that it processes data in accordance with the GDPR and that it protects the rights of data subjects.

You can object to the use of the Custom Audiences service as a whole here on the Facebook website. After logging in to your Facebook account, you will be taken to the settings page for Facebook Ads.

5.10.2. Facebook pixel for metrics and analytics

The Facebook pixel allows us to use tracking solutions and analytics services to see how you react to our ads on Facebook, for example when you click on a link in the ad that leads to our website. This gives us a better overview of how successful our campaigns on Facebook are and helps us continually optimise them. We also use the pixel to identify you as a visitor to our website. We can use this information to display the ads we post on Facebook only to those Facebook users who are also likely to be interested in our products and services, either because they have visited our website before or because they have certain characteristics (e.g. interested in certain topics or products identified based on the websites they have visited).

The pixel is loaded when you visit our website or respond to an ad we have placed on Facebook, for example by clicking on a link to our website contained in the ad. This creates a pixel ID, which is stored in a cookie, so that we then receive an analysis of your user behaviour. The pixel does not enable us to identify you personally.

5.11. Use of social media buttons

We currently use the following social media buttons: Facebook, Twitter and Xing. We use the Shariff tool developed by c’t. This means that when you visit our site, no personal data is initially disclosed to the button providers. Communication with social networks is done by a script stored on the server, which acts as an intermediary between the social network and the user. Users are only directly connected to Facebook, Twitter or Xing when they become active. Social networks cannot collect data about users before they are active. The button provider is recognisable by logo or initial shown in the box. You can communicate directly with the social network provider by clicking the button. Only by clicking the button will the social network receive the information that you have accessed the relevant website. In the case of Facebook, the IP address is anonymised immediately after it has been collected according to the providers in Germany. By using the button, your personal data is transmitted to the social network provider in question and stored there (in the case of US providers, in the US). Since the provider collects data in particular using cookies, we recommend that you adjust your browser’s security settings to erase all cookies before clicking on the button. 

We have no influence on the data collected and any data processing procedures, nor are we aware of the full extent of data collection, the purposes of processing, or the retention periods. Furthermore, we do not have any information about the erasure of the data collected by the button provider. 

The button provider stores the data collected about you as user profiles and uses them for the purposes of advertising, market research and/or to tailor the design of its website. In particular, this kind of analysis is conducted (including for users who are not logged in) for the purpose of tailoring advertising to the needs of users and to inform other social network users about your activity on our website. You have a right to object to the creation of these user profiles. To exercise this right, please contact the button provider in question. The buttons allow us to offer your the option to interact with social networks and other users to help us optimise our website and tailor it to the interests of our users. The legal basis for the use of these buttons is Article 6 Paragraph 1 Sentence 1(a) GDPR.

The data is disclosed regardless of whether you have an account with the button provider and are logged in there. If you are logged in with the button provider, your data we collect is directly linked to your existing account with the button provider. For example, if you press the activated button and link to the website, the button provider also stores this information in your user account and publicly shares it with your contacts. We recommend regularly logging out after using a social network. However, this is particularly recommended before clicking a button since this prevents the information from being linked to your profile with the plugin provider.  

More information on the purpose and extent of data collection and processing by these button providers is available in each button provider’s privacy notice as listed below. The links below also provide additional information about your rights in this regard, as well as options for adjusting your settings to protect your privacy. 

Button provider addresses and URLs for their privacy notices:

5.12. LinkedIn Insights

Our website uses the LinkedIn Insights tag, operated by LinkedIn Co., 2029 Stierlin Court, Mountain View, CA 94943, USA (“LinkedIn”). The LinkedIn Insights tag allows us to collect information, including personal data, about visitors to our website. This enables us to track advertising effectiveness and display interest-based ads. The data collected includes the following: URL, referrer URL, IP address, device and browser properties (user agent) and a time stamp. IP addresses are stored only in an abbreviated form or hashed. If you are logged in to LinkedIn during your visit to our website, this information is also collected. The data collected is pseudonymised within seven (7) days, i.e. all personal identifiers are removed. These pseudonymised data remaining is then be erased within 180 days. A data processing agreement has been concluded with LinkedIn. In connection with the use of the LinkedIn Insights tag, data is transmitted to servers in the US. The legal basis for processing is Article 6 Paragraph 1(a) GDPR. Our legitimate interest is in tailoring the design of our website to users’ needs and the opportunity to offer interest-based ads. The interests of the website visitors are sufficiently taken into account through the measures envisaged by LinkedIn, in particular prompt pseudonymisation. We therefore do not assume any overriding interest that precludes our legitimate interest. LinkedIn’s privacy policy is available here: https://www.linkedin.com/legal/privacy-policy.

5.13. Call tracking

Our website uses the Corazon powered by questFon call tracking service (“Corazon”). The processing company is telequest & Internet Solutions GmbH, Liebenauer Hauptstrasse 2–6, 8041 Graz, Austria (“Telequest”).

Corazon incorporates telephone numbers on our website that enable us to further analyse the telephone behaviour of visitors to our website We retain full control over the data collected.

Provided a call is made to us, the following data is collected

  • the caller’s telephone number (if displayed);
  • the telephone number dialled;
  • the date;
  • the time;
  • the duration of the call;
  • browser information;
  • remote user agent;
  • the referrer URL.

We also link this data with the corresponding address data record (hereinafter referred to as “telephone tracking”) if possible based on the available customer data. The data collected is erased no more than six (6) months after it is collected.

We base the use of Corazon on your consent pursuant to Article 6 Paragraph 1(a) GDPR.

Telequest processes the data on our behalf. We have concluded a data processing agreement with Telequest. This agreement serves to ensure that Telequest processes the data in compliance with the EU General Data Protection Regulation and to guarantee the rights of data subjects.More information is available in Telequest’s Data Protection Policy: https://www.telequest.com/datenschutz.

5.14. Userlike

Our websites use Userlike, a live chat software run by Userlike UG. Userlike uses cookies – text files stored on your computer that enable you to conduct real-time one-on-one chats on your website. A data processing agreement has been concluded with Userlike. The data collected is not used to personally identify website visitors, nor is any personally identifiable data linked to the user’s anonymous profile. Userlike UG’s privacy policy is available here.

5.15. edudip

We use solutions provided by edudip GmbH, Jülicher Strasse 306, 52070 Aachen, Germany (“edudip”) to hold online informational events. In order to participate, it is necessary to provide the data shown on the registration form. To ensure that you do not miss the event you have booked, we will send you brief reminders in advance from time to time. The legal basis for processing is Article 6 Paragraph 1(b) GDPR, i.e. a contractual relationship (in exchange for payment or free of charge) between you and us, as well as Article 6 Paragraph 1 Sentence 1(f) GDPR. Ensuring our events can be properly held is a legitimate interest under the provision mentioned above. We have concluded a data processing agreement with edudip. This means that edudip processes both the data you provide and any data generated in holding the webinar. edudip does this only on our behalf and only in accordance with our instructions. edudip GmbH’s privacy policy is available here: https://www.edudip.com/en/privacy. Their policy also includes information about what data is generated when a webinar is held.

5.16. FACT-Finder

When you use our website, you have the option to search for specific products or services. A search function is provided on our website for this purpose. To improve search results and display only those results that match your search query, we use the FACT-Finder service provided by Omikron Data Quality GmbH, Habermehlstrasse 17, 75172 Pforzheim, Germany (“Omikron”). Your searches as well as your device’s IP address are transmitted to Omikron and stored for the duration of the session. This is solely to ensure and improve the functionality of your search query. It is not possible for us to identify you with this information. Your data is exclusively processed in Germany. The legal basis for processing is Article 6 Paragraph 1(f) GDPR. Optimising our website’s search feature is a legitimate interest as defined by the provision mentioned above.

More information is available at www.fact-finder.com/gdpr and www.fact-finder.com/privacy-policy.html.

5.17. Tracking the customer journey via local storage

To understand how our customers found their way to our website, we use your browser’s local storage on the device you use to visit our website. We have commissioned a specialist service provider based in Switzerland for this purpose on the basis of a data processing agreement. The information retained in local storage is sent to us by eTermin when you use the form to book a consultancy appointment. This helps us to statistically analyse our presence on third-party websites, e.g. on search engines. The legal basis is your consent as defined by Article 6 Paragraph 1(a) GDPR, which you provide by enabling the “Statistics” category on the cookie banner. You may revoke your consent at any time by adjusting the settings shown above. The information in local storage does not expire. Third parties have no access to this information.

6. Participation in competitions

WBS holds competitions from time to time. Details are available in the terms and conditions for participation for each competition. When you participate in one of our competitions, we process the data you provide. Generally, this involves an individual competition post (e.g. a comment or photo), your name and your contact details so we can hold the competition and notify you if you win. The legal basis for this is your consent pursuant to Article 6 Paragraph 1(a) GDPR. If you have separately granted us consent to do so, we will include your contact details in our newsletter mailing to keep you informed about current WBS offers and services. You may revoke your consent to your data being processed as described above at any time with future effect, free of charge, by sending a brief message to the contact details provided in Section 1. Revoking your consent does not affect the legality of the processing carried out before your consent was revoked. Beyond revocation, participant data is erased from our active systems once the competition has been completed. Winner data is archived on the basis of Article 6 Paragraph 1(c) GDPR for the duration of our legal retention obligations for reasons relating to commercial and tax law (generally ten (10) years).

7. Amendments to our Privacy Notice

WBS may need to amend this Privacy Notice from time to time. We therefore recommend that you read through this Privacy Notice at regular intervals. However, rest assured that amendments will not come into force with retroactive effect and that we will not change the way we handle data previously collected.

Updated on 15 July 2021