Countries

Looking for your local site?

Contact
Start page of the Wilo-Media Database on a Macbook Air

Data policy

Data Protection Information of WILO SE

WILO takes the protection of your personal data very seriously, and takes account of protecting your privacy during processing in our IT systems. When you visit our website, we possibly ask for, amongst other things, personal data in accordance with statutory provisions that are applicable within the EU or are in accordance with the German Federal Data Protection Act.

Download

Data protection is very important to WILO SE. With this information, we give you an overview of which data we process from you in a transparent form. In particular, we inform you about

A. General information on data protection
B. Data processing on our website
C. Your rights as a data subject

A. General information on data protection

I. Name and address of the Data Controller

For the purposes of the General Data Protection Regulation (GDPR) and other national data protection laws in the member states and other applicable data protection provisions, the Data Controller is:

WILO SE
Wilopark 1
44263 Dortmund
Germany
Tel.: + 49 231 4102 - 0
E-Mail: wilo@wilo.com
Website: www.wilo.com

The Data Controller has appointed the following Data Protection Officer:
The Data Protection Officer of WILO SE, Germany
WILO SE
Wilopark 1
44263 Dortmund
Germany
Tel.: +49 231 4102-0
E-Mail: data-privacy@wilo.com

II. General information on data processing

1. Scope of the processing of personal data

We only collect and use our user’s personal data to the extent necessary to provide a functioning website, contents and services. We basically only collect and use our user’s personal data after having obtained the user’s consent. An exception applies in cases when the user’s consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data

Article 6 (1) point (a) GDPR serves as the legal basis if we obtain the data subject’s consent to the processing of personal data.

Article 6 (1) point (b) GDPR serves as the legal basis for the processing of personal data required to perform a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Article 6 (1) point (c) GDPR serves as the legal basis if the processing of personal data is required to perform statutory obligations owed by our company.

Article 6 (1) point (d) GDPR serves as the legal basis in the event vital interests of the data subject or another real person require the processing of personal data.

Article 6 (1) point (f) GDPR serves as the legal basis if the data processing is necessary to safeguard a legitimate interest of our company or a third party that prevails over the data subject’s interests, fundamental rights and fundamental freedoms.

3. Recipients of the data

Within our company, access to your data is granted to those positions that need it to fulfill our contractual and legal obligations. Service providers and subcontractors employed by us may also receive data for these purposes. These are companies in the categories of IT services, logistics, printing services, telecommunications, debt collection, advice and consulting, as well as sales and marketing.

Regarding the transfer of data to recipients outside our company, it should first be noted that all our employees who work with personal data are bound to data secrecy and confidentiality.

We may only pass on information about you if this is required or permitted by law or if you have given your consent. Under these conditions, recipients of personal data could be, for example:

  • Public bodies and institutions (e.g. tax authorities, law enforcement agencies) in the event of a legal or regulatory obligation.

  • Other companies or companies in the Group to which we transfer personal data in order to carry out the business relationship with you (depending on the contract, e.g. catalog dispatch, credit agencies, in case of international projects, cross-boarder transactions, etc.).

  • Other companies in the Group for risk management due to legal or regulatory obligation.

Further recipients of data could be those entities for which you have given us your consent to the transfer of data.

4. Data transfer to a third country or to an international organization

Data transfer to bodies in countries outside the European Union (so-called third countries), is only made if

  • it is necessary for the execution of your contracts (e.g. catalog dispatch, production or service orders),

  • it is required by law (e.g. reporting requirements under tax law) or

  • we are legally authorized to do so (e.g. because you have given us your consent or because of a legitimate interest on our part).

Other than this, WILO SE does not transfer personal data to entities in third countries or international organizations. However, WILO SE uses service providers for certain tasks, most of which also use service providers that may have their registered office, parent company or data centers in a third country. A transfer is permitted if the European Commission has decided that an adequate level of protection exists in a third country (Article 45 GDPR). If the Commission has not made such a decision, WILO SE or the service provider may only transfer personal data to a third country or to an international organization, if appropriate safeguards are provided (e.g. standard data protection clauses adopted by the Commission or the supervisory authority in a specific procedure) and enforceable rights and effective remedies are available. The WILO SE has contractually agreed with these service providers that data protection regulations are always concluded with their contractual partners in compliance with the European level of data protection.

Please note: Regarding data transfer to the United States and possibly also for a data transfer to other third countries without an adequacy decision, the continued use of standard data protection clauses and Binding Corporate Rules cannot guarantee that the data exchange to the United States is protected or immune from prosecution under the GDPR due to the current case law of the European Court of Justice.

5. Data deletion and storage period

The personal data of the data subject is deleted or blocked as soon as the purpose of their storage has been achieved. Storage for a longer period is possible if provided for by the European or national legislator in relevant Union regulations, laws or other provisions governing the data controller. The data is also deleted or blocked once the statutory retention period lapses, unless there is a requirement to retain the data for entering into or performing a contract. The data we store includes, inter alia:

  • Log files for a max. of 14 days

  • Databases for logins for the duration of the account’s existence

  • Universal Messenger for three months

  • Commercetools for the duration of the legal transaction and the associated statutory retention periods

B. Data processing on our website

I. Provision of the website and generation of log files

1. Description and scope of the data processing

Our system automatically collects data and information from the accessing computer on each occasion a user visits our website.
The following data is collected:

  • Information on the browser type and version used

  • The user’s operating system

  • The user’s internet service provider

  • The user’s IP address

  • The date and time of the access

  • Websites, from which the user was referred to our website

  • Websites, accessed by the user’s system via our website

  • Duration of the user’s visit

  • The user’s country of origin

  • The user’s preferred language

  • Time of the user’s first visit and most recent visit

This data is also saved in our system log files. We do not store this data together with the user’s other personal data.

2. Legal basis for the data processing

The legal basis for the temporary storage of the data and log files is Article 6 (1) point (f) GDPR.

3. Purpose of the data processing

The temporary storage of the IP address by our system is required to deliver the website to the user’s computer. The user’s IP address must therefore be stored for the duration of the session.

The storage of data in log files serves the purpose of warranting the proper functioning of our website. The data is also used to optimise the website and to safeguard the security of our IT systems.

These purposes represent our legitimate interest in the data processing pursuant to Article 6 (1) point (f) GDPR.

4. Duration of storage

The data is deleted as soon as the purpose of collecting them has been achieved. Where data is collected to operate the website, this is the case as soon as the respective session ends.

If the data is stored in log files, this is the case after a maximum of 14 days. Data may be stored for longer periods in certain circumstances. If this is the case, the user’s IP addresses are deleted or truncated with the result that it is no longer possible to trace them back to the accessing client.

5. Right to object and contest a decision

The collection of the data for the provision of the website and storage of the data in log files is absolutely essential for the operation of the website. This means that the users cannot object to this collection and storage of data.

II. Use of cookies

1. Description and scope of the data processing

Our website uses cookies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user visits a website, cookies can be placed locally on the user’s device. This cookie contains a character string, which is a unique identification code of the browser that will be recognised at the next occasion you visit the website.

We use cookies to make our website more user-friendly. Some elements of our internet site require that the accessing browser can still be identified after having left our page. The cookies store and transmit the following data:

  • Items in a shopping basket

  • Login information

  • Chat information

  • Security mechanisms for forms (XSRF)

  • Wish list items

  • Web analysis tool Matomo (formerly Piwik)

  • Universal Messenger data for a target-group focused website experience

Our website also uses cookies that allow for an analysis of the user’s navigation and use of the website. The following data can be transferred:

  • Entered search terms

  • Page views

  • Use of website functions

The collected user data is pseudonymised by technical methods. The data can then no longer be traced back to the accessing user. The data is not merged with any of the user’s other personal data.
When accessing the website, users are informed about the use of cookies by an info banner, which also refers to this data protection declaration. In this context, the user has the option of allowing or preventing cookies.
It is important to distinguish between cookies that are technically necessary for the operation of our website and cookies that are not.

2. Legal basis for the data processing

The legal basis for the data processing involving the use of cookies, which are mandatory for the operation of our website, is Article 6 (1) point (f) GDPR.

Legal basis for the processing of personal data using all other cookies, which are not absolutely necessary, is your effective consent under Article 6 (1) point (a) GDPR.

3. Purpose of the data processing

The purpose of using strictly necessary cookies is to make the website more user-friendly. Some of the functions offered on our website may not be available if cookies are disabled. These functions depend on the recognising the browser after it has left the website. The following applications require the use of cookies:

  • Shopping functions (e.g. shopping basket)

  • Tracking functions (e.g. country of origin)

The user data collected by strictly necessary cookies is not used to generate user profiles.

This purpose represents our legitimate interest in the data processing pursuant to Article 6 (1) point (f) GDPR.

Analysis cookies are exclusively used for the purpose of improving the quality of our website and its contents. The analysis cookies provide us with information on how the website is used and how we can continually improve our services.

4. Duration of storage

Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all the functions of the website to the full.

5. Right to object and contest a decision

The user’s computer stores and transmits the cookies to our website. This means that our users are in full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings of your internet browser. Cookies that have already been placed can be deleted at any time. This can also be set to automatic. You may not be able to use the full scope of functions offered on our website if you have cookies deactivated.

In addition, you have the option at any time to adjust your settings in our cookie banner or our cookie declaration and revoke your consent with effect for the future. Processes already in the past are not affected by this.

III. Use of Google Tag Manager

This website uses the Google Tag Manager. This service allows website tags to be managed through an interface. The Google Tag Manager only implements tags. That means: no cookies are used and no personal data is collected. The tool triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access this data. If a deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags to the extent that they are implemented with Google Tag Manager.

IV. Use of iFrames

1. Description and scope of the data processing

We use so-called inline frames (iFrames) on some websites. An iFrame is an HTML - element, which is set as a frame within a website and serves to structure web pages. With the help of iFrames, contents of other providers are integrated into our website.

When an iFrame is displayed on our website, the IP address of the user is transmitted to the third party whose iFrame is integrated. When loading this iFrame, the third party provider may collect and process further information (including personal data). It cannot be excluded that the information may also be transferred to a server in a third country. We cannot influence whether and which of your personal data the third party provider actually collects. Details of the data processing carried out in connection with the services of the third party can be found in the data protection declaration of the respective provider.

2. Legal basis for the data processing

The legal basis for the integration of iFrames is Article 6 (1) point (f) GDPR. Our legitimate interest lies in making the website even more user-friendly and attractive for the website visitor.

3. Purpose of the data processing

The purpose of the integration of the so-called iFrames is to make our website more attractive for the user by providing it with an appealing and simple possibility. Reduced loading times through the transfer of smaller amounts of data should be made possible as well as the individual and independent scrolling of individual page areas.

4. Duration of storage

For the duration of the storage of your data by the third party provider of iFrames, please refer to their privacy policy.

5. Right to object and contest a decision

You have the right to object. You can send us or inform us of your objection at any time. Please use the address of the Data Protection Officer of the Data Controller.

V. Newsletter

1. Description and scope of the data processing

Our website offers users to subscribe to a free newsletter. The data entered in the registration form will be transmitted to us.

The following data is also collected during registration:

  • IP address of the accessing computer

  • Date and time of registration

Your consent to the data processing is obtained during the registration process, where you are also referred to this Data Protection Statement.

If you submit your e-mail address to us during the course of purchasing goods or services via our website, we may subsequently use this data for sending out a newsletter. In this case, the newsletter will only contain direct advertising for similar products or services offered by our company. Data is not disclosed to third parties as part of the data processing concerned with the sending of newsletters.
The data is used exclusively for sending out the newsletter. We also use newsletter tracking, which means that the e-mails sent by us contain small image files, also called web beacons or tracking pixels, which are embedded in the e-mails but not directly contained in them (only as a link to a web address). These are downloaded from the external server by the webmail application running in the browser. Information regarding the call-up, the IP address and information on the accessing client is collected.

2. Legal basis for the data processing

The legal basis for the data processing after the user has subscribed to the newsletter and granted his declaration of consent to the use of his data is Article 6(1) point (a) GDPR.

The legal basis for sending newsletters following the sale of goods or services are Art. 6 (1) point (f) GDPR and Section 7 (3) UWG (German Unfair Competition Act).

The newsletter tracking is also based on Article 6 (1) point (f) GDPR.

3. Purpose of the data processing

The collection of the user’s e-mail address serves the purpose of delivering the newsletter.

The tracking of the newsletter service serves the purpose of performing statistical analysis to determine how many e-mails are read when and which links are accessed frequently. In this case, the use does not allow for inferences to persons. The information is used for the optimisation of newsletter content or to better match the newsletter to the mail clients used by the recipients.

The collection of other personal data during the registration process serves the purpose of preventing misuse of the services or the e-mail addresses used.

4. Duration of storage

The data is deleted as soon as the purpose of collecting them has been achieved. Accordingly, the user’s e-mail address will be stored for as long as the user remains subscribed to newsletter. The analysis data is deleted after three months.

Any other personal data collected during the registration process is usually deleted after seven days.

5. Right to object and contest a decision

The newsletter subscription can be cancelled (unsubscribe) by the user at any time. All newsletters contain an unsubscribe link.

This also gives the user the opportunity to revoke his consent to the storage of the personal data collected during the registration process.

VI. Registration

1. Description and scope of the data processing

Our website offers users to register by providing their personal data. The data is entered into a form, transmitted to us and then stored by us. The data is not disclosed to third parties, unless a payment processing service is involved in an e-commerce transaction. The following data is collected during the registration process:

  • First name

  • Surname

  • E-mail address

  • Password

  • Address

  • Post code

  • City

  • Date of birth

  • Telephone number

  • Fax number

  • Tax number

  • Company

  • Company website

The following additional data is stored when registering:

  • Date and time of the registration

  • Date and time of the registration confirmation

  • Date and time consent to the Data Protection Statement was granted

  • Website where the registration was carried out

The user’s consent for the processing of these data is obtained during the course of the registration process. This data is also collected during the course of an e-commerce transaction. In this case, data may in certain cases be disclosed to third parties. Wilo has contracted with BS PAYONE to provide payment processing services for cashless transactions using credit/debit cards. This means that BS PAYONE assumes the role of the data controller for the purposes of Article 4 (7) GDPR.

2. Legal basis for the data processing

The legal basis for the data processing with the user’s consent is Article 6 (1) point (a) GDPR.

If the registration serves the purpose of performing a contract with the user or to implement pre-contractual measures, the legal basis for the data processing is Article 6 (1) point (b) GDPR.

The processing of the data during the course of an e-commerce transaction is based on Article 6 (1) point (b) GDPR.

3. Purpose of the data processing

User registration is necessary for the provision of certain content and services on our website. The user may also be required to register for the purpose of performing a contract with him, or to implement pre-contractual measures.

4. Duration of storage

The data is deleted as soon as the purpose of collecting them has been achieved. For the data collected during the registration process, this is the case when the registration on our website is cancelled or modified.

Data required for the performance of a contract or the implementation of pre-contractual measures can also be deleted if the data is no longer required to perform the contract. It may be necessary to store the personal data of a contracting partner longer than required for entering into a contract for the purpose of performing contractual or statutory obligations. This means that as soon as a user requests the deletion of his account, the data specified above will be deleted; unless opposed by a law that requires Wilo to retain data (i.e. statutory retention periods).

5. Right to object and contest a decision

As a user, you have the option of having your registration deleted or deleting it yourself at any time. Data stored about can be altered at any time upon your request. You can change profile data in individual applications yourself at any time.

If the data is required for the performance of a contract or to implement pre-contractual measures, an earlier deletion of the data is only possible to the extent such deletion is not opposed by statutory requirements.

VII. Contact form and contact by e-mail

1. Description and scope of the data processing

Our website offers a contact form that can be used to send electronic correspondence to us. A similar form can be used to enrol in one of the training courses offered by Wilo or our partnering companies. The data entered into these forms will be transmitted to and stored by us. This is the data shown in the input mask.

The following additional data is stored at the time the form is submitted:

  • The user’s IP address

  • The language and URL of the page accessed

  • The user’s browser and operating system

  • The user’s referring page

  • Date and time contact was made

With respect to the processing of their data, users are referred to the Data Protection Statement at the time of submitting the form and must acknowledge and confirm their consent to the Data Protection Statement.

Alternatively, users may contact us via the e-mail address provided. In this case, the user’s personal data transmitted in the e-mail will be stored.

The data is not disclosed to third parties in this context. The data is used exclusively for processing the correspondence, unless we use contractors for the performance of our services, e.g. for repair services that are not rendered directly by our factory customer service, and who require the data to render their performances. If you send an application as an attachment to the e-mail or the form, we will save it in our electronic application portal, which is hosted by a third party (Lumesse GmbH).

2. Legal basis for the data processing

The legal basis for the processing of data submitted via the contact form with the user’s consent is Article 6 (1) point (a) GDPR.

The legal basis for the processing of the data transmitted in an e-mail is Article 6 (1) point (f) GDPR. If the objective of the e-mail contact is to enter into a contract, e.g. placing an order with the after sales service, the data processing is also based on Article 6 (1) point (b) and (c) GDPR.

The legal basis for the storage of course participant information is Article 6 (1) point (f) GDPR.

3. Purpose of the data processing

We exclusively process the personal data submitted via an online form for processing the user’s inquiry. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. If you enrol in a training course, the personal data submitted by you will be used to conduct and organise training courses.
Any other personal data processed during the submission process serve the purpose of preventing misuse of the contact form and to safeguard the security of our IT systems.

4. Duration of storage

The data is deleted as soon as the purpose of collecting them has been achieved. Personal data entered into the online form is not stored on our servers. The data sent via e-mail is deleted once the respective correspondence with the user has been concluded. The correspondence is deemed concluded if the circumstances indicate that the respective inquiry has been resolved in final.

If you send us an order for our after sales service, we will contact you using the double opt-in process. If you respond to the contact e-mail, the data will be deleted within 24 hours. If we not receive a reply from you with regard to the contact e-mail, we will retain your order inquiry for a period of two weeks to allow you to place the order that you have already submitted to us.

Your data relating to your enrolment in training courses or other customer events can be retained for up to 10 years due to tax law requirements.

The additional personal data collected during the submission process is deleted after a maximum of seven days.

5. Right to object and contest a decision

The user may revoke his declaration of consent to the processing of personal data at any time. Users who contact us by e-mail may revoke their consent to the storage of their personal data at any time. If a consent is revoked, the correspondence with the user will be terminated.

In this case, all personal data stored during the course of making contact will be deleted.

VIII. Website analysis services

1. Description and scope of the data processing

This website uses the software "Matomo" (www.matomo.org), a service of the provider InnoCraft Ltd, 150 Willis St, 6011 Wellington, New Zealand. The software places a cookie (a text file) on your computer, which allows your browser to be recognized. If subpages of our website are called up, the following data is stored:

  • The IP address of the user shortened by the last two bytes (anonymized)

  • The called subpage and time of the call

  • Browser and operating system of the user

  • Originating side of the user (referrer)

  • The time spent on the website

  • The pages that are accessed from the called subpage

The data collected with Matomo is stored on a Wilo rented server in Germany. A transfer to third parties does not take place.

2. Legal basis for the data processing

The legal basis for the processing of personal data using Matomo is Article 6 (1) point (f) GDPR.

3. Purpose of the data processing

We need the data in order to analyse the surfing behaviour of the users and to obtain information on the use of the individual components of the website. The purpose of data collection is to strive for a sustainable improvement of the website and the user experience. This is our legitimate interest according to Art. 6 para. 1 lit. f DSGVO. By making the IP address anonymous, we take into account the interest of users in their protection of personal data. The data will never be used to personally identify the user of the website and will not be merged with other data.

4. Duration of storage

The data is deleted as soon as the purpose of collecting them has been achieved.

5. Right to object and contest a decision

You have the opportunity to object to the recording of data in the manner described above in various ways at any time:

  • You can completely prevent the storage of cookies in your browser. However, this means that you may no longer be able to use some of the functions of our website that require identification (shopping cart, orders, personal settings, etc.).

  • You can activate the "Do-not-Track" setting in your browser. Our Matomo system is configured to respect this setting.

  • With a mouse click below you can create a so-called opt-out cookie which is valid for two years. It has the consequence that Matomo will not register your further visits. However, please note that the opt-out cookie will be deleted if you delete all cookies.

IX. Social Media

This website contains links to our social media accounts on Facebook, Twitter, Instagram and LinkedIn. The social media providers will not receive any personal data from you unless you click on the external link and decide to visit the provider's website yourself. Please refer to the respective social media provider's privacy policy for information on how they process your data.

As a user, you can request the deletion of your registration respectively delete it yourself at any time. You may let the data stored about you changed at any time. You can adjust profile data in myWilo yourself at any time.

C. Your rights as a data subject

If your personal data is processed, you are a data subject in the meaning of the GDPR. You have the following rights against the data controller:

I. Access to information

You have the right to request the controller to confirm whether we process any of your personal data. If this is the case, you have the right to request the data controller to furnish you with the following information:

  • The purposes for processing the personal data;

  • The categories of personal data that are processed;

  • The recipients or categories of recipients to whom your personal data was or will be disclosed to;

  • The intended period for storing your personal data or, if no precise information is available, the criteria for determining the period of storage;

  • The existence of a right to the deletion or correction of your personal data, a right to restrict the data processing by the data controller, and a right to revoke your declaration of consent for such data processing;

  • The existence of a right to lodge a complaint with a supervisory authority;

  • All available information on the source of any personal data that was not collected from the data subject;

  • The existence of automated individual decisions, including profiling pursuant to Article 22 (1) and (4) GDPR and, where this is the case, meaningful information regarding the logical reasoning involved and the magnitude and intended effects of such data processing for the data subject.

  • You also have the right to demand information on whether your personal data was transmitted to a third country or an international organisation. You may in this respect demand to be informed about the adequate safeguards pursuant to Article 46 GDPR in relation to the transmission.

II. Right to rectification

You have a right to request the data controller to correct or complete your data if your personal data is incorrect or incomplete. The data controller must correct the data without undue delay.

III.Right to restrict the data processing

You have the right to impose a restriction on the processing of your personal data under the following conditions:

  • you contest the correctness of your personal data and allow the data controller sufficient time to verify the correctness of the personal data;

  • the data processing is unlawful and you decline the deletion of your personal data relating and rather demand the processing of your personal data to be restricted;

  • The data controller no longer requires the personal data for the purposes they were collected for, but you require the data for the purpose of asserting, exercising or defending legal interests, or

  • you have objected against the data processing in accordance with Article 21 (1) GDPR and a decision on whether the data controller’s legitimate interests prevail over yours has not been made.

  • If the processing of your personal data has been restricted, this data – except for their storage – may only be processed with your consent, for the purpose of asserting, exercising or defending legal interests, to protect rights of another person or legal entity or for reasons of important public interest of the European Union or a Member State.

  • If the restriction imposed on the processing of the data under the stated conditions is modified, you will be informed by the data controller before the restriction is lifted.

IV. Right to deletion

1. Obligation to delete data

You may request the controller to promptly delete your personal data and the data controller is under an obligation to delete such data without undue delay, provided one of the following reasons apply:

  • Your personal data is no longer required for the purposes for which they were collected or processed otherwise.

  • You are revoking your consent on which the data processing is based pursuant to Article 6 (1) point (a) or Article 9 (2) point (a) GDPR and there is no other legal basis for the data processing.

  • You object to the data processing in accordance with Article 21 (1) GDPR and there are no overriding legitimate interests in the data processing, or you object against the data processing in accordance with Article 21 (2) GDPR.

  • Your personal data was processed unlawfully.

  • The deletion of your personal data is required to perform a statutory obligation prescribed by EU law or the law of the Member States governing the data controller.

  • Your personal data was collected in relation to services offered by the information society pursuant to Article 8 (1) GDPR.

2. Onward notification of third parties

If the controller has made your personal data public and is under an obligation to delete such data pursuant to Article 17 (1) GDPR, the data controller must, within the bounds of the available technology and implementation costs, take adequate measures, including those of a technical nature, to inform data controllers processing the personal data about the fact that you as the data subject have requested them to delete all links to this personal data, as well as copies or reproductions of this personal data.

3. Exceptions

You do not have a right to the deletion of your data to the extent the data processing is required

  • to exercise the right to freedom of expression and freedom of information;

  • to perform a statutory obligation that requires the data processing under EU law or the law of the Member States governing the data controller, or to perform a function in the public interest or to exercise a public authority conferred upon the data controller;

  • for reasons of public interest in the area of public health pursuant to Article 9 (2) points (h) and (i), as well as Article 9 (3) GDPR;

  • for archiving purposes that are in the public interest, scientific or historical research purposes, or for statistical purposes in accordance with Article 89 (1) GDPR, to the extent the right stated in section a) is expected to render the achievement of the objectives of this data processing infeasible or to significantly impeded them, or

  • for the purpose of asserting, exercising or defend legal interests.

V. Right to onward notification

If you have exercised your right to the correction or deletion of your data, or to impose a restriction on the data processing, against the data controller, the data controller is required to notify all recipients to whom your personal data was disclosed about such correction or deletion of your data, or the imposition of a restriction on the processing of your data, unless such action is infeasible or would entail unreasonable effort or expenses. You have the right to be informed about these recipients of your data by the data controller.

VI. Right to data portability

You have the right to receive your personal data provided to the data controller, in a structured, commonly-used and machine-readable format. You also have the right to transmit the transfer this data to another data controller without interference from the data controller to whom the personal data was originally made available to, provided

  • the data processing is based on consent pursuant to Article 6 (1) point (a) or Article 9 (2) point (a) GDPR, or based on a contract pursuant to Article 6 (1) point (b) GDPR, and

  • the processing is conducted with the help of automated processes.

When you exercise this right, you are also entitled to have the personal data transmitted directly from one data controller to another, subject to technical feasibility. This must not compromise the rights and freedoms of third parties.
The right data portability does not apply to data processing necessary for the performance of a function in the public interest, or in the exercise of a public authority conferred upon the data controller.

VII. Right to object

You have the right to object against the processing of your personal data on the basis of Article 6 (1) point (e) or (f) GDPR for reasons resulting from your personal circumstances at any time; this also applies to profiling based on the same provisions.
The data controller will then cease the processing of your personal data, unless the controller demonstrates compelling legitimate interests in the data processing which prevail over your interests, rights and freedoms, or unless the processing serves the purpose of asserting, exercising or defending legal interests.
Where personal data is processed for direct advertising purposes, you have the right to object against the processing of your personal data for such direct advertising purposes at any time; this also applies to profiling associated with such direct advertising.
Your personal data will no longer be processed for direct advertising purposes if you object against the data processing for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by via automated processes that use technical specifications.

VIII.Right to revoke your declaration of consent under data protection law

You have the right to revoke a previously granted declaration of consent under data protection law. A revocation of consent will be without prejudice to the lawfulness of the data processing conducted prior to the revocation.

IX. Automated individual decisions, including profiling

You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  • is necessary for entering into or performing a contract between you and a data controller;

  • is authorised by Union or Member State law to which the data controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or

  • is based on your explicit consent.

However, decisions must not be based on special categories of personal data pursuant to Article 9 (1) GDPR, unless Article 9 (2) point (a) or (g) applies and suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests are in place. In the cases referred to in points (1) and (3), the data controller must implement suitable measures to safeguard your rights, freedoms and legitimate interests, at least the right to obtain human intervention on the part of the data controller, to express your point of view and to contest the decision.

X. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

If you wish to object against the collection, processing or use of your data by Wilo in accordance with this Data Protection Statement, either categorically or for individual measures, you may send us your objection via e-mail or by regular mail to the following contact details:

The Data Protection Officer of WILO SE, Germany
WILO SE
Wilopark 1
44263 Dortmund
Germany
E-Mail: data-privacy@wilo.com