Print logo

Privacy Policy

Protecting your privacy when using our website and online shop is important to us.

We treat the data entered within the scope of our Internet offer confidentially.

With this privacy policy, we would like to inform you about the type, scope and purpose of the collection, use and utilization of personal data.

When corresponding via e-mail, please note that this is not a secure form of communication and the contents are not protected from unauthorized access by third parties. For confidential messages, we recommend using the postal service.

1        Person responsible within the meaning of the General Data Protection Regulation

1.1   Contact data of the responsible person

WÜSTHOF GmbH
Kronprinzenstr. 49
42655 Solingen
Germany

Telephone +49 212 20 67-0

E-mail: support.eu@wusthof.com

1.2   Contact details of the data protection officer

Mr Kai Viehmeier
Kai Viehmeier Consulting GmbH
An der Straßenbahn 12
31157 Sarstedt
Germany

Telephone: +49 5066 69 56 080

E-mail: dsgvo@kai-viehmeier-consulting.de

2        Subject of data protection

The subject of data protection is personal data within the meaning of Art. 4 of the General Data Protection Regulation (GDPR), i.e. all information relating to an identified or identifiable natural person (hereinafter referred to as data subject). An identifiable person is a natural person who can be identified directly or indirectly, by means of an identifier, through the data required for the transaction of business. This includes, for example, your name, your address, your telephone number, your e-mail address and other data that is necessary for the business transaction. This does not include data that cannot be linked to your person.

3        Purposes and legal bases of processing

Within the scope of this website, WÜSTHOF processes personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) for the purpose of providing the website and associated content and functions, for the purpose of advertising, marketing and market research, for communicating with users, for responding to contact inquiries and within the scope of security measures (IT security).

3.1   General visits to our website

When you access and use our website, we collect personal data that your browser automatically transmits to our server. When you use our website, we collect the following data, which is technically necessary for us to display our website and to ensure the stability and security of our website:

·       IP address of your computer/Internet connection,

·       Browser used (e.g. browser type and version),

·       Date and time of access,

·       Name and URL of retrieved file,

·       System used by site visitor,

The legal basis for processing is Art. 6  (1) (f) GDPR. The processing of the aforementioned data is necessary for the provision of our website and thus serves to protect a legitimate interest of our company.

As soon as the aforementioned personal data is no longer required to display the website, it will be deleted.

However, we reserve the right to store the data, including the IP address, if there is a specific reason, such as in particular the suspicion of an ongoing or imminent cyber attack, for the purpose of ensuring the ability to operate the website and for the assertion, exercise or defense of legal claims, including the involvement of law enforcement authorities. In this case, data that is not relevant for the aforementioned purposes is routinely deleted after seven days at the latest.

3.2   WÜSTHOF Online-Shops

When you place an order in one of our online shops, we also collect your name, billing and delivery address, the goods ordered and the payment method.

During the ordering process, you have the option of creating a customer account and assigning a password. If you choose to do so, you can view the processing status of your orders here and access your order history. In this respect, the legal basis for the processing is your consent to the creation of a user account within the meaning of Article 6 (1) (a) GDPR, which you can revoke at any time.

Access to our WÜSTHOF Partner Portal for business customers is password protected and is only granted on request. In this case, you will automatically receive a customer account, which you must activate by assigning a password before accessing it, and in which the conditions agreed with you will be stored. The legal basis for processing is Art. 6 (1) (b) GDPR. If you do not wish to create a customer account as a business customer, you can order in our regular online shop via guest access; in this case, however, we cannot consider individually negotiated conditions.

In the course of fulfilling your order, we pass on your address data to parcel or other logistics service providers that we use to dispatch your order. The legal basis for processing is Art. 6 (1) (b) GDPR. However, we will only transmit your e-mail address or telephone number to them with your express consent so that they can inform you about the progress of the shipment; the legal basis in this respect is Article 6 (1) (a) GDPR.

We store the data for the duration of the order processing and beyond that until expiry of the statutory limitation period. If a customer account has been created, we also store your order history until the account is closed.

3.3   Newsletter

To send our newsletter, we need an e-mail address from you, which you provide to us when you register for the newsletter dispatch. Verification of the e-mail address provided is necessary and consent must be given for receipt of the newsletter. After registration, you will receive a confirmation e-mail via an activation link (double opt-in). Supplementary data is not collected or is voluntary. The data is used exclusively for sending the newsletter.

The data provided during newsletter registration is processed on the basis of your consent (Art. 6 (1) (a) GDPR). A revocation of your already given consent is possible at any time. For the revocation, an informal message by e-mail or you unsubscribe via the “unsubscribe” link in the newsletter is sufficient. The legality of the data processing operations already carried out remains unaffected by the revocation.

Data entered to set up the subscription will be deleted when unsubscribing.

3.4   Processing of personal data for sending SMS messages

We use the mobile phone number of our existing customers to send them occasional text messages about special offers or promotions. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. We will also send transaction-related SMS messages for updates, warnings and information. The legal basis for this is the performance of the contract pursuant to Art. 6 para. 1 lit. b GDPR. All other SMS messages are sent exclusively on the basis of consent in accordance with Art. 6 para. 1 lit. a GDPR. You can object to this processing at any time.

To do so, please contact the data protection officer at the address given in this privacy policy.

3.5   Careers/applications

We offer you the opportunity to contact us via our website for the purpose of applying for an advertised position. For the organization and processing of the application process, we use the services of Recruitee B.V., Johan Huizingalaan 763, (1066 VH) Amsterdam, The Netherlands (hereinafter: “Recruitee”). Recruitee is implemented as a web service directly on our website (hereinafter: “Recruitee website”). When you click on “Jobs” on our website, you will be taken directly to our Recruitee website. In this context, we process your personal data to facilitate the entire application process on the legal basis of Art. 6 (1) lit. b and lit. f GDPR.

When you visit our Recruitee website, personal access data is automatically collected, such as the requesting device, the web browser you use and the operating system of your device, the IP address of the requesting device, the requests and responses sent to and from your device, the website from which the Recruitee website was requested and your behavior on the Recruitee website.

The collection of your personal data and the integration of Recruitee in the context of visiting our Recruitee website as well as the related data processing is necessary to monitor and improve the recruitment process and the performance of the Recruitee website, based on our legitimate interest in the efficient design of our internal processes and service, Art. 6 (1) (f) GDPR.

Further, the following personal application data may be processed as part of the application process, including but not limited to any personal data you provide to us via the application form: Name, e-mail address, phone number, picture, cover letter, CV, LinkedIn profile, and the job you have applied for, status, notes and plans regarding your application and e-mail communication.

The collection of your personal data and the integration of Recruitee as part of the application process as well as the associated data processing is necessary for the implementation of pre-contractual measures, which are carried out at your request, Art. 6 (1) (b) GDPR.

After the application process has been completed, we will delete your personal data as soon as possible, unless we have informed you that we need the data for other purposes. In principle, we store the personal data that we have received from you as part of the application process for a period of 6 months.

Your personal usage data must be processed by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (herein “LinkedIn”) and Indeed Ireland Operations Limited, 124 St. Stephen’s Green, Dublin 2, Ireland (herein “Indeed”) in order to enable the “Apply with LinkedIn” and “Apply with Indeed” functionalities, even if you do not use this functionality. LinkedIn and Indeed may use cookies. For more information, please see the privacy policies of LinkedIn (https://www.linkedin.com/legal/privacy-policy) and Indeed (https://www.indeed.com/legal). For more information about Recruitee's data protection, please see Recruitee’s Privacy Policy (https://recruitee.com/de/privacy).

4        Social plug-ins and other external content

For data protection reasons, we do not integrate social plug-ins and other external content directly into our website. When you access our pages, no data is therefore transmitted to social media services such as Facebook, Twitter, XING or Google+. Profiling by third parties is therefore excluded.

You still have the option of sharing our blog posts on Facebook, Twitter, XING or Google+ with one click and can also see how often they have been shared in the past when you call up the posts. For this purpose, we use the so-called Shariff solution, which was developed by c't magazine to offer a privacy-compliant alternative to the classic social plug-ins.

What is it? The Shariff solution results in all data and functions required to display the Facebook, Twitter, XING or Google+ buttons being provided by our web server in a first step. Only when you decide to share a post via the corresponding button and click on it, will data be transmitted to the operator of the respective social media service.

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

4.1   Facebook plug-ins

We use so-called social plug-ins of the facebook.com network, such as the “Like” button. These plug-ins are offered and operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA, and are clearly marked with the Facebook logo. When you access a page of ours that contains such a plug-in, your browser establishes a connection to the Facebook servers. The content of the plug-in is transmitted by Facebook directly to your browser and displayed accordingly in our environment without us having any influence on the content of the plug-in. Two-click solution for embedded content: By default, WÜSTHOF embeds deactivated buttons that do not establish contact with the servers of Facebook & Co. The buttons only become active and establish the connection when the user activates these and therefore declares his/her consent to communication with Facebook, Pinterest, Twitter and Google+. Then the user can submit his recommendation with a second click. If he/she is already logged in to the social network of his/her choice, this is done on Facebook and Google+ without another window. Facebook may be able to track your visit to our corresponding pages and assign it to a Facebook account if you are registered with Facebook or have recently visited a Facebook page or page with Facebook content. If you actively use plug-ins (e.g. press the Like button), corresponding information is also transmitted directly from your browser to Facebook without us having any influence over this. For more detailed information on the type, purpose and scope as well as the further processing and use of your data by Facebook, please refer to Facebook’s privacy policy. There you can also find out more about your rights in this regard and the settings options for protecting your privacy. If you do not want Facebook to be able to assign your visit to our pages to your Facebook user account, please log out of your Facebook user account.

4.2   Google Maps

On this website, we embed maps from Google Maps so that we can show you interactive maps directly on the website. This allows you to use the map function conveniently.

By visiting the website, Google receives the information that you have accessed the corresponding subpages of our website This takes place regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data is directly assigned to your account. If you do not wish to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website to meet your needs. Such an evaluation is carried out in particular (even for users who are not logged in) for the provision of needs-based advertising and to inform other users of the social network about your activities on our website.

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

4.3   Instagram

Functions of the Instagram service are integrated on our pages. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged in to your Instagram account, you can link the content of our pages to your Instagram profile by clicking on the Instagram button. This allows Instagram to associate the visit to our pages with your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Instagram.

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

For more information, please see Instagram’s privacy policy: http://instagram.com/about/legal/privacy/.

4.4   YouTube

Our website uses plug-ins from the YouTube website operated by Google. The operator of the pages is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit one of our pages equipped with a YouTube plug-in, a connection to YouTube’s servers is established. This tells the YouTube server which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account. For more information on the handling of user data, please refer to YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy .

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

4.5   Pinterest

On our site, we use social plug-ins of the social network Pinterest, which is operated by Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA (“Pinterest”). For the European region, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection-related aspects.

When you visit a page that contains such a plug-in, your browser establishes a direct connection to the servers of Pinterest. There is a possibility that log data will be transmitted to the Pinterest server in the USA. This log data may include your IP address, the address of websites you visit that also contain Pinterest features, browser type and settings, the date and time of the request, how you use Pinterest, and cookies.

There is no EU Commission adequacy decision for data transfers to the USA. Pinterest ensures an adequate level of data protection via the EU standard contractual clauses.

For more information on the purpose, scope and further processing and use of the data by Pinterest, as well as your rights in this regard and options for protecting your privacy, please refer to the Pinterest privacy policy:

https://policy.pinterest.com/en/privacy-policy

5        Tracking and analysis services

Our website uses various tracking and analysis services with which we record the use of our website in order to make improvements and optimizations.

5.1   Google Analytics

This website uses Google Analytics.

We use the function “Activation of IP anonymization” on this website. However, this means that your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Convention on the European Economic Area. The full IP address is only transmitted to a Google server in the USA and shortened there in exceptional cases.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and Internet usage to the website operator. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

In order to fully comply with the legal data protection requirements, we have concluded an order processing contract with Google.

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

5.2   Google Tag Manager

This website uses Google Tag Manager.

Through this tool, “website tags” (i.e. keywords which are included in HTML elements) can be implemented and managed through an interface. By using the Google Tag Manager, we can automatically track which button, link or personalized image you have actively clicked on and can then record which contents of our website are of particular interest to you.

The tool also ensures the triggering of other tags, which in turn may collect data. Google Tag Manager does not access this data. If you have deactivated at the domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

5.3   Google AdWords and Google Conversion-Tracking

Our website uses Google AdWords. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States.

AdWords is an online advertising program. As part of the online advertising program, we work with conversion tracking. After a click on an ad placed by Google, a cookie is set for conversion tracking. Cookies are small text files that your web browser stores on your terminal device. Google AdWords cookies lose their validity after 30 days and are not used to personally identify users. The cookie allows Google and us to recognize that you clicked on an ad and were redirected to our website.

Every Google AdWords customer is given a different cookie. The cookies are not trackable through AdWords customers’ websites. Conversion cookies are used to create conversion statistics for AdWords customers who use conversion tracking. Adwords customers learn how many users clicked on their ad and were redirected to pages with conversion tracking tag. However, AdWords customers do not receive any information that enables personal identification of users. If you do not wish to participate in tracking, you can object to its use. Here, the conversion cookie must be deactivated in the user settings of the browser. Therefore, there is also no inclusion in the conversion tracking statistics.

For details on Google AdWords and Google Conversion Tracking, please refer to Google’s privacy policy: https://www.google.de/policies/privacy/.

With a modern web browser, you can monitor, restrict or disable the setting of cookies. Disabling cookies may result in limited functionality of our website.

Conversion cookies are only stored on the basis of your consent (Art. 6 (1) (a) GDPR).

5.4   Google DV360

On this website we use the Google DV360 tool from google.com Limited Liability Company (Google DBM) ([data analysis / retargeting]), which collects data for analysis, marketing and optimization purposes and thereby helps us to improve our marketing measures and our website. The data collected is used by Google DV360 to link advertising contacts and clicks on advertisements with a resulting use of our website. In this way, we can determine whether Internet users who have seen our ads visit our website or which products they are interested in. This helps us to use our advertising budget more efficiently. The data collected may also be used by us to deliver advertisements based on your interests (e.g. products viewed). Pseudonymous online identification numbers (online ID) such as cookie IDs, IP address, device IDs, advertising ID / IDFA (e.g. on Android or Apple smartphones) are used for data collection. No unique user-related data such as name or address is stored. All IDs used by us only enable the recognition of your terminal device or your Internet browser. The collected data will not be used to personally identify you as a user of our website without your separate consent.

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

5.5   Facebook Conversion API

We use the tracking tool Facebook Conversion API of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, a subsidiary of Facebook Inc. 1601, Willow Road Menlo Park, CA 94025, USA.

This is a data interface through which we transmit data about your behavior on our website to Facebook for evaluation. This allows us to show you advertisements that match your user behavior on our website. 

We use the following data in connection with the Conversion API:

•       E-mail address

•       Telephone number

•       Gender

•       Date of birth

•       First name and surname

•       Town, state and country

•       Postal code

•       User IDs

•       IP address

•       Client User Agent (the browser you are using and your operating system)

•       Click IDs

•       Browser ID

•       Product IDs 

•       Advertising ID

•       Facebook login ID

We transmit the data to Facebook. In the process, the data is also transmitted to Facebook in the USA. 

There is no EU Commission adequacy decision for data transfers to the USA. Facebook ensures an adequate level of data protection via the EU standard contractual clauses. You can access a copy of the contract clauses here: https://www.facebook.com/legal/EU_data_transfer_addendum

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

5.6   Custom Audience Pixel

This website uses Custom Audience Pixel, a service of Facebook Inc., USA. Custom Audience Pixel is a Java script code that we have integrated on each of our web pages. We use Custom Audience Pixel to collect information regarding how visitors use our website. This pixel collects and reports to Facebook information about the user’s browser session, a hashed version of the Facebook ID, and the URL being viewed. Each Facebook user has a unique and device-independent Facebook ID that allows us to target and recognize users across multiple devices on the Facebook social network so that we can retarget our visitors for advertising purposes within Facebook ads. After 180 days, user information is deleted until the user visits our website again. Therefore, no personal information about individual website visitors is disclosed to WÜSTHOF and website customer target groups can only be specifically advertised by us as soon as they have reached a significant number.

For more information about Facebook and their privacy settings, please refer to the privacy notices and terms of use of Facebook Inc.

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

5.7   Pinterest Retargeting (Pinterest Tag)

We use the Pixel (Pinterest Tag) from Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA. For the European region, the Irish company Pinterest Europe Ltd. (Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland) is responsible for all data protection-related aspects.

This pixel is used to collect information about usage (e.g. information about viewed articles) and transmit it to Pinterest Europe Limited. It cannot be ruled out that data will also be transmitted to the Pinterest server in the USA. There is no EU Commission adequacy decision for data transfers to the USA. Pinterest ensures an adequate level of data protection via the EU standard contractual clauses.

This information transmitted to Pinterest Europe Limited can be assigned with the aid of further information that Pinterest Europe Limited has stored, e.g. due to your ownership of an account on the social network “Pinterest”.

Based on the information collected via the pixel in your Pinterest account, interest-based advertisements can be displayed (retargeting). The information collected via the Pixel may also be aggregated by Pinterest Europe Limited and the aggregated information may be used by Pinterest Europe Limited for its own advertising purposes and for the advertising purposes of third parties.

Pinterest Europe Limited may also combine the information collected via the pixel with other information that Pinterest Europe Limited has collected from you via other websites and/or in connection with your use of the Pinterest social network, so that a profile may be stored at Pinterest Europe Limited.

This profile can be used for advertising purposes. Further information on data protection at Pinterest Europe Limited can be found here: https://policy.pinterest.com/en/privacy-policy

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

5.8   Issuu

This website uses the web service of Issuu, Inc., 131 Lytton Ave, Palo Alto, CA 94301, USA. Issuu uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site.

The information generated by the cookie about your use of this website is usually transferred to a server of Issuu in the USA and stored there. The transfer takes place if you have JavaScript enabled in your browser. You can prevent the use of cookies by selecting the appropriate settings on your browser software or by installing a JavaScript blocker (e.g. www.noscript.net). Further information on the extent to which and the purposes for which Issuu uses the data collected can be found on the Issuu Inc. website at http://issuu.com/legal/privacy.

Processing takes place exclusively on the basis of your consent (Art. 6 (1) (a) GDPR).

5.9   Further external service provider Shopify

We use “Shopify” to host our store system.

Processing in the European Economic Area (EEA) is carried out by Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland, hereinafter referred to only as “Shopify”.

The legal basis is Art. 6 (1) (b) GDPR.

Shopify processes the following data on our behalf:

Name, billing and, if applicable, delivery address, email address, payment data, company name if applicable, telephone number if applicable, IP address, information about orders, information about the merchant shops supported by Shopify that you visit, and information about your terminal device and your Internet browser.

Shopify also offers further data protection information at https://www.shopify.com/legal/privacy.

5.10        Shopify Payments

We use the payment service provider “Shopify Payments”, 3rd Floor, Europa House, Harcourt Building, Harcourt Street, Dublin 2. If you choose a payment method offered via the payment service provider Shopify Payments, payment processing is carried out via the technical service provider Stripe Payments Europe Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we pass on the information you provided during the ordering process together with information about your order (name, address, account number, bank sort code, credit card number if applicable, invoice amount, currency and transaction number) in accordance with Art. 6 (1) (b) GDPR. Your data will only be passed on for the purpose of processing payments with Stripe Payments Europe Ltd. and only to the extent necessary for this purpose. For more information about Shopify Payments’ privacy practices, please visit the following web address: https://www.shopify.com/legal/privacy.

You can find data protection information on Stripe Payments Europe Ltd. here: https://stripe.com/de/privacy.

5.11        Storybloks

We use the Content Management System (CMS) of Storyblok GmbH, Peter-Behrens-Platz 2, 4020 Linz, Austria. In Storybloks, we maintain the website texts. Storybloks is used to capture and maintain website content via the Storyblok CMS. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR. You can learn more about the data protection measures of Storyblok GmbH at  https://www.storyblok.com/privacy-policy.

5.12        Zendesk

We use the Zendesk ticketing system, a customer service platform provided by Zendesk Inc, 989 Market Street #300, San Francisco, CA 94102, to handle customer requests. For this purpose, necessary data such as surname, first name, postal address, telephone number, e-mail address are collected via our website in order to be able to answer your need for information. For more information about Zendesk’s data processing, please see Zendesk’s privacy policy at http://www.zendesk.com/company/privacy.

The legal basis for processing with Zendesk is Art. 6 (1) (a) GDPR, insofar as your consent is given, otherwise (1) (b) GDPR, insofar as the processing of your request applies to the preparation or implementation of a contractual relationship, and (1) (f), insofar as there is no contractual relationship, in which case our legitimate interest is to respond to your request.

Zendesk uses approved Binding Corporate Rules (BCRs) as the legal basis for transferring data to the United States. Zendesk has gone through the EU approval process with the Irish Data Protection Commissioner (“DPC”) for its binding internal data protection rules, both as a processor and as a data controller (verified and confirmed by the UK Information Commissioner’s Office and the Dutch Data Protection Authority).

6        Other recipients of your personal data

Alongside the service providers stated in clauses 3.2, 3.4 and 4 to 5.12 we also pass your data onto to the following recipients:

·       Other processors whose services we use in particular for the provision of IT services.

·       Postal and telecommunications service providers whose services we use to communicate with you. The legal basis for this is Art. 6 (1) (b) GDPR, insofar as the contact is made to initiate a contract or in connection with an existing contract, otherwise our legitimate interest in the sense of Art. 6 (1) (f) GDPR in efficient communication.

·       Tax advisors, auditors, lawyers and other third parties subject to professional secrecy as well as other advisors, in each case to the extent necessary for the utilization of advisory services. The legal basis for this is our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the use of such services.

·       Authorities, courts, authorized persons, insofar as there is a legal or regulatory obligation to do so or this serves the enforcement or defense of legal claims. The legal basis for this is Art. 6 (1) (c) GDPR in the case of a legal obligation, and otherwise our legitimate interest within the meaning of Art. 6 (1) (f) GDPR in the enforcement of our legal interests.

7        Transfer to recipients outside the European Economic Area (EEA)

We also transfer your data to recipients outside the European Economic Area (EEA) (so-called third countries). These third countries are as follows:

·       Canada

·       United States of America (USA)

Canada has an adequate level of data protection according to the Commission Decision of December 20, 2001 (2002/2/EC, notified under C(2001) 4539).

For USA., there is no effective decision by the European Commission that would have established an adequate level of data protection. We therefore provide appropriate safeguards to ensure that your personal data remains adequately protected in the United States. In the case of Zendesk (see section 5.12), these are binding internal data protection rules (also known as Binding Corporate Rules - BCR) approved by the competent data protection authority; otherwise, they are contracts based on the standard data protection clauses published by the European Commission. You may request a copy of the warranties by contacting us as described in clauses 1.2.

8        Security measures

In accordance with Art. 32 GDPR, WÜSTHOF shall ensure processing by appropriate technical, organizational and contractual measures, taking into account the state of the art and the nature, scope, circumstance, purpose of the processing, as well as the implementation costs, in order to protect the user’s personal data against accidental or unlawful manipulation, destruction, deletion, loss and against unauthorized access or disclosure.

Security measures include, in particular, ensuring the confidentiality, integrity and availability of data through physical access and logical access controls, as well as other controls relating to the entry, disclosure, security, availability and segregation of personal data. This also includes the encrypted transmission of data between your browser and our server.

WÜSTHOF has also set up procedures that guarantee a reaction to the endangerment of data, the deletion of data and the exercise of data subject rights.

8.1   TLS encryption

This site uses TLS encryption for security reasons and to protect the transmission of confidential content, such as search queries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If TLS encryption is enabled, the data you transmit to us cannot be read by third parties.

9        Right to disclosure, revocation and deletion according to chapter 3 GDPR

As a data subject, you have the right in accordance with Art. 15 GDPR to receive, upon request and free of charge, information about the personal data stored by us, its origin and recipients, as well as the purpose of data processing.

In addition, you have a right to correction (pursuant to Art. 16 GDPR), blocking (pursuant to Art. 18  GDPR) and deletion (pursuant to Art. 17 GDPR) of the personal data and, where applicable, a right to data portability (pursuant to Art. 20 GDPR). Furthermore, you have the right to file a complaint (pursuant to Art. 77 GDPR) with the competent supervisory authority upon the assumption of unlawful data processing. Please send a corresponding request or a request for correction, blocking, deletion or data portability of your personal data stored by us by e-mail to dsgvo@kai-viehmeier-consulting.de. In the subject line, please alternatively state: “Data deletion” or “Data blocking” or “Data correction” or “Data portability”. We will, to the extent legally possible, arrange for the deletion or blocking of your data or make the necessary corrections or data portability.

Likewise, you have the right to revoke the consent, in principle with effect for the future, according to Art. 7 (3) GDPR. For this purpose, please send a corresponding request or a request for revocation by e-mail to dsgvo@kai-viehmeier-consulting.de. In the subject line, please alternatively state: “Revocation”.

Furthermore, you can object to future processing of your personal data at any time in accordance with Art. 21 GDPR. For this purpose, it is sufficient to send us a corresponding e-mail to dsgvo@kai-viehmeier-consulting.de.

A deletion of the stored personal data takes place, provided that the deletion does not conflict with any statutory retention obligations or the personal data is no longer required for its purpose in accordance with Art. 17 GDPR. If there is a legally permissible reason for the continued storage of the personal data, WÜSTHOF shall restrict its processing in accordance with Article 18 GDPR by blocking this data and no longer processing it for other purposes. This applies in particular to data that must be retained for tax and commercial law reasons.

The duration of the storage of personal data depends on the respective legal requirements. According to § 257 (1) HGB (among others commercial books, annual financial statements and commercial letters) the data must be kept for 6 years and according to § 147 (1) AO (among others records, books and commercial and business letters) the data must be kept for 10 years.

If you have any questions regarding the collection, processing and use of your personal data, in general on the subject of data protection or in the event of complaints, please contact our data protection officer, who is also available to you in the event of complaints at the e-mail address dsgvo@kai-viehmeier-consulting.de.

10     Updates of this privacy policy

WÜSTHOF reserves the right to update this data protection declaration if necessary in order to adapt it to technical developments or in connection with the offer of new services or products.