The protection of your data is important to us

You can use this website without providing any personal data. To use individual services on our website, there may be differing regulations, which are specifically explained below.Data are deemed to be personal when they can be clearly attributed to certain natural persons. We process your personal data (for example, name, address, E-mail, telephone number, and the like) only in accordance with the provisions of the General Data Protection Regulations (GDPR) and with the local data protection regulations that are valid for W. Gessmann GmbH.

The provisions below serve the fulfilment of our duty to inform (Art. 13, 14 GDPR); in compliance with this duty, we hereby inform you about the type, scope, and purpose of the collection, use,
and processing of personal data through W. Gessmann GmbH.

Please note that a web-based transmission of data is generally prone to vulnerabilities which is why an absolute protection against third party access cannot be guaranteed.

The following information can be classified in two categories. 

1.      General Information
2.      Specific information by target group


1  General information

Name and address of the Controller
W. Gessmann GmbH
Eppinger Straße 221
74211 Leingarten
Telephone: +49 7131 4067 0

Name and address of the data protection officer
Michael Wengert W. Gessmann GmbH 
Eppinger Straße 221
74211 Leingarten

If you have any questions or concerns with respect to data protection, you are free at any time to contact our data protection officer directly. 

Rights of data subjects
Every data subject has the following rights according to GDPR Art. 15-22.
To exercise these rights, please contact 

•         The right to Access
•         The right to correction
•         The right to erasure
•         The right to restriction of processing
•         The right to object of processing
•         The right to data portability 

If you are of the opinion that the processing or your personal data is illegal, you are entitled to lodge a complaint with a competent supervisory authority in accordance with Art. 77 GDPR. 

Automated decision-making
Automated decision-making or profiling does not take place.


2  Specific information by target group

      2.1      Website users

Server data
For technical reasons, we collect the following data that are transmitted by your internet browser to us or our webspace provider (so-called server log files): 

-      Browser type and Version
-      Used operating System
-      Website from which you visit our website (referrer URL)
-      Website that you visit
-      Date and time of your Access
-      Your Internet Protocol (IP) address. 

This anonymous data is stored separately from any other personal data that you may have provided and can therefore not be attributed to a specific Person. 

On our website, we use so-called cookies to recognize returning users of our services. Cookies are small text files that are installed and stored on your computer by your internet browser.
They are used to optimize our internet presence and our services. In most instances, these will be so-called session cookies that are deleted after your visit. 

You can prevent the installation of cookies by adjusting the settings of your browser; however, please note that in that case you may not be able to use any or all functions of this website to your full benefit.

Contact Option
On our website, you have the option to contact us by E-mail and/or by using the contact form.
In that case, we save the information provided by the user to process the contact request. The information is not disclose to third parties.
Also, we do not match the information collected in this way with information that is collected by other elements of our website.


     2.2     Job applicants

Thank you for your interest in our company and for applying for a job with us.
We would like to inform you below about how we process your personal data in connection with your application.

Which data will be processed by us? And for which purpose?
We process the information that you have supplied to us in connection with your application to assess your qualification for the job (or for any other job openings in our company)
and to carry out our hiring routines. 

What is the legal basis for this?
The primary legal basis for the processing of your personal data in these hiring processes is Sec. 26 BDSG [German data protection act], as amended on 25-May-2018. According to this, the processing of data is allowed if this is necessary for the decision-making in connection with the entering into an employment contract.

Should the data be needed after the end of the hiring process, for example to exercise rights, as the case may be, the data can be processed based on the provisions under Art. 6 GDPR and, including but not limited to the protection of legitimate interests, under Art. 6 paragraph 1 letter f GDPR. Our interest is the assertion or defence of claims.

For how long will the data be stored?
In the event of a rejection, the applicant’s data will be deleted after 6 months.
If you have consented to the continued storage of your personal data, we will enter your data in our pool of applicants.
In the event that your application is successful, your data will be transferred from our hiring system to our human resources System. 

To which recipients will the data be disclosed?
For our hiring processes, we use a system from 

Fravis GmbH
Sonnenhalde 10
73489 Jagstzell

They provide services to us and it is possible, as the case may be, that in the course of their maintenance work on our systems, they also gain knowledge of your personal data. We have entered into a so-called data processing agreement that ensures that the data is processed in an allowed manner.
After receipt, your application data is assessed by our human resources department. Suitable applications are then forwarded internally to the responsible officers in the departments with job openings.
Within our company, in general only such persons can access your data who have a need to know for a proper hiring process. 

Where will the data be processed?
The data is processed in data processing centres in the EU only. 

      2.3     Business contacts 

Which data will be processed by us? And for which purpose?
Data subjects are the business contacts of W. Gessmann GmbH, for example, contacts at potential customers, customers, or suppliers. We store the usual information (name, first name, form of address, tenure, department, telephone number, E-mail address, etc.) about these contacts. 

This information is used for business transactions (for example, order processing, processing of purchase orders, etc.). 

What is the legal basis for this?
-         (Pre-)contractual measures that are taken at the request of the data subjects. 

-         The data subject’s consent is given voluntarily. This takes place through a corresponding Statement. 

-         The processing is required to fulfil the contractual obligations. 

-         As the case may be, also the protection of W. Gessmann GmbH’s legitimate interests. 

For how long will the data be stored?
The legislators have provided many different retention obligations and periods.
After expiration of these periods, the corresponding data is routinely erased, if it is no longer required for contract fulfilment.
Accordingly, the data of a completed fiscal year that are subject to the commercial law or are relevant in financial terms will be deleted after ten years, to the extent that no extended retention periods apply or are required for legitimate reasons. To the extent that data is not affected by this, it is deleted as soon as the purpose for which it was stored no longer exists.
Contacts of persons that are known to have left the company will be marked as inactive and therefore no longer appear in usual searches. 

To which recipients will the data be disclosed?
All employees with an internal authorization in order to fulfil their duties receive access to the data.
Should the data be used for payment transactions, the necessary information for this will be disclosed to the financial institutions. 

To the extent that third service providers carry out maintenance work on our systems, they may gain knowledge of your personal data while they carry out their work. We have entered into a so-called data processing agreement that ensures that the data is processed in an allowed manner. 

Data will only be transferred to third countries in the course of the fulfilment of contracts, the necessary communication, and other exceptions that are expressly provided in the BDSG [German data protection regulations] or the GDPR.