Contact Downloads
WI HQ Building Header
Transparency and information obligations
for customers, suppliers, contractual partners, stakeholders of Witzenmann GmbH

in accordance with the EU's General Data Protection Regulation (EU GDPR)

This document provides you with information about the processing of your personal data by Witzenmann GmbH and the rights you are entitled to under data protection laws.

Responsible body / Data protection

Witzenmann GmbH
Östliche Karl-Friedrich-Straße 134
75175 Pforzheim

Contact information
Tel.: +49-(0) 7231-581-0
Fax: +49-(0) 7231-581-820

Data protection contact

Categories / Origin of data

Within the framework of the contractual relationship and for the purposes of contract initiation, we process the following personal data:

  • Contact data (e.g. first name/surname of the current and, if applicable, previous contact person as well as name suffixes, company name and address of the customer (employer), mobile and fixed-line telephone number with direct dial, business email address, fax number)
  • Professional data (e.g. role in the company, department)
  • Bank details, if appropriate (also the first name and surname of the account holder for a SEPA direct debit mandate)
  • Information on credit-worthiness, if appropriate

In general, we receive your personal data from you as part of contract initiation or during the ongoing contractual relationship. On an exceptional basis, in certain circumstances we may also collect your personal data from other bodies. This includes special-purpose queries for relevant information with credit agencies, particularly in relation to creditworthiness and credit behaviour.

Purposes and legal bases of the data processing

The processing of your personal data will always comply with the provisions of the EU GDPR, the BDSG (new version) [German Federal Data Protection Act] and other relevant legal provisions.

Your personal data is used exclusively to carry out pre-contractual measures (e.g. to create offers for products or services) and to fulfil contractual obligations (e.g. to carry out our service, supplier contract or order/job/payment processing), (Art. 6 para. 1 (b) EU GDPR) or when a legal obligation related to processing exists (e.g. due to taxation law requirements) (Art. 6 para. 1 (c) EU GDPR). The personal data was originally collected for these purposes.

A permission mandate in accordance with data protection law can, of course, also represent your consent to data processing (Art. 6 para. 1 (a) EU GDPR). Before it is issued, we make clear to you the purpose of the data processing and your right to revoke consent in accordance with Art. 7 paragraph 3 of the EU GDPR.

Witzenmann GmbH is also interested in maintaining a customer relationship with you and sending you information and offers about our products / services via email. We therefore process your data to send you appropriate information and offers (Art. 6 para. 1 (f) EU GDPR).

Your personal data will only be processed for the investigation of crimes under the conditions of Art. 10 EU GDPR.

Data retention period

We will erase your data as soon as you revoke your permission or as soon as it is no longer required for the purposes indicated above. We shall only retain your data beyond the existence of the contractual relationship when we are obligated or entitled to do so. Regulations that impose a retention obligation upon us can be found in the Commercial Code or Revenue Code, for example. This may give rise to a retention obligation of up to ten years. In addition, statutory limitation periods must be observed, these also representing a reason for retention within our company.

Data recipients / Categories of recipients

Within our company, we ensure that your data is only received by persons and departments that need to access it for fulfilment of our contractual and legal obligations. Under these conditions, your data may also be transmitted within the Witzenmann Group. This is generally the case when centralised systems are being used, when the data is provided by the central body to the entire group.

In certain cases, service providers support our specialist departments in the fulfilment of their tasks. The contacts required by data protection legislation will be entered into with all service providers. This is particularly the case in relation to IT service providers, shipping service providers and financial service providers.

Furthermore, in legally prescribed cases we are obligated to transfer specific information to public bodies, e.g. financial authorities, criminal investigation authorities and customs authorities.

Third country transfer / Third country transfer intention

Data transfer to third countries (outside the European Union or European Economic Area) only takes place when this is necessary for implementation of the contractual or supplier relationship or when it is legally prescribed or you have give us your consent to do this.

In connection with this, your personal data may be processed in the Cloud. This is primarily used for the purposes of efficient communication and also for mutual contractual fulfilment. We have concluded the contracts required under data protection laws for this purpose. When the Cloud service provider is located in a country outside the EU / EEA (third country) and, as a result, access to your data cannot be excluded, we will take the measures which are possible and required in accordance with Art. 44 ff. EU GDPR in order to establish the data protection level in the third country concerned.

Rights of the data subjects

Your rights as a data subject are standardised in Art. 15 - 22 EU GDPR.

These include:

  • The right to information (Art. 15 EU GDPR)
  • The right to rectification (Art. 16 EU GDPR)
  • The right to erasure (Art. 17 EU GDPR)
  • The right to restrict data processing (Art. 18 EU GDPR)
  • The right to revoke consent to data processing (Art. 21 EU GDPR)
  • The right to data transferability (Art. 20 EU GDPR)

To exercise these rights, please contact: The same applies if you have questions about data processing within our company or would like to withdraw consent you have given. You can also file complaints about our data processing with a data protection supervisory authority.

If we process your data to safeguard our legitimate interests, you can object to this processing at any time for reasons arising from your specific situation; this also applies to any profiling based upon these provisions. We will then no longer process your personal data unless we can demonstrate compelling reasons, deemed worthy of protection, for the processing, which take precedence over your interests, rights and freedoms or when the processing is performed to assert, exercise or defend against legal claims.

If we process your personal data for the purposes of direct marketing, you have the right to object to this without stating a reason; this also applies for any profiling that is carried out, insofar as it is done in connection with the direct marketing. If you object to data processing for the purposes of direct marketing, we will no longer process your personal data for this purpose.

Obligation to provide data

You are obligated to provide certain data for the establishment or management of a contractual relationship. This is necessary for the establishment, implementation and termination of the contractual relationship and the fulfilment of the associated contractual and legal obligations. Implementation of the contract is impossible without the provision of this data.

Automated decision-making

We do not use any purely automated decision-making processes.