We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the WISTA Management GmbH. The following provides information about the collection of personal data when using our web pages.
The privacy policy of WISTA Management GmbH is based on the terms used by the European legislator in the General Data Protection Regulation (GDPR). Our privacy policy should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.
We use the following terms, among others, in this privacy policy:
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
A data subject is any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, reading, querying, use, disclosure by submission, dissemination or any other form of provision, comparison or linking, restriction, deletion or destruction.
Restriction of processing is the marking of stored personal data with the aim of limiting its future processing.
Profiling is any form of automated processing of personal data that consists of using this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient is a natural or legal person, public authority, agency or other body to whom personal data is disclosed, regardless of whether or not it is a third party. However, public authorities that may receive personal data in the context of a specific investigation task under Union or Member State law shall not be considered as recipients.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
The controller within the meaning of the General Data Protection Regulation, other data protection laws in force in the Member States of the European Union and other provisions of a data protection nature is:
WISTA Management GmbH
Rudower Chaussee 17
12489 Berlin
Germany
Tel.: +49 30 6392-2200
Email: info(at)wista.de
Website: www.wista.de
You can contact our data protection officer at the above address or at the following email address:
Email: datenschutz(at)wista.de
Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.
We are happy to provide you with information about whether and which of your personal data we process and for what purposes (Art. 15 GDPR). In addition, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal requirements.
You have the right to object to the processing under the legal requirements (Art. 21 GDPR).
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6 (1) p. 1 lit. e (data processing for the performance of a task carried out in the public interest) or lit. f (data processing for the purposes of legitimate interests); this also applies to profiling based on those provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims (Art. 21 (1) GDPR).
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing (Art. 21 (2) GDPR).
To exercise your rights, please contact us by email at datenschutz(at)wista.de or by post at WISTA Management GmbH, Rudower Chaussee 17, 12489 Berlin. Exercising your rights is free of charge for you.
Without prejudice to these rights and the possibility of asserting a different administrative or judicial remedy, you have the option at any time to assert your right to complain to a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of the personal data concerning you violates data protection regulations (Art. 77 GDPR).
The processing of personal data can be based on various legal bases. If we need your data to fulfill a contract with you or to answer your questions regarding a contract, the legal basis for this data processing is Art. 6 (1) p. 1 lit. b GDPR. If we obtain your consent for a specific data processing, the legal basis is Art. 6 (1) p. 1 lit. a GDPR. We carry out some data processing on the basis of our legitimate interest, whereby your interests worthy of protection and our legitimate interests are always weighed up. The legal basis for this is Article 6 (1) p. 1 lit. f GDPR. Insofar as the processing is necessary for compliance with a legal obligation to which we are subject, the legal basis is Article 6 (1) p. 1 lit. c GDPR.
In the following, we explain how we process personal data via our websites.
When you contact us by email, we store the data you provide (your email address, possibly your name and your telephone number) in order to answer your questions and process your requests. The legal basis for this is Art. 6 (1) p. 1 lit. f GDPR.
Any information you provide that is not required for establishing contact is provided voluntarily. Any information we request that is not required for processing your request is always marked as optional. This information helps us to clarify your request and to better process your concern. Any communication of this information occurs expressly on a voluntary basis and with your consent, Art. 6 (1) p. 1 lit. a GDPR. Insofar as this information relates to communication channels (e.g. an additional e-mail address, telephone number), you also consent to us contacting you via this communication channel in order to respond to your request. Of course, you can withdraw this consent at any time for the future.
Your data, which we have received in the course of establishing contact, will be deleted as soon as it is no longer needed to achieve the purpose for which it was collected, your request has been fully processed and no further communication with you is necessary or desired by you.
As the controller, WISTA Management GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. In any case, the transmission of unencrypted e-mails is not secure. We therefore ask you not to send sensitive data by unencrypted e-mail, but to use either encrypted communication channels or the postal service for this purpose.
When using the website for informational purposes only, we collect the following technical information (log file data):
The collection of this data is technically necessary to display our website and to ensure stability and security. We (and our service provider) are generally unaware of who is behind an IP address. We do not combine the above data with other data.
The legal basis is Art. 6 (1) p. 1 lit. f GDPR; to the extent that absolutely necessary access to information stored in the user’s terminal equipment takes place, also Section 25 (2) no. 2 TDDDG.
Since the collection of data for the provision of the website and the storage in log files are absolutely necessary for the operation of the website and to protect against misuse, our legitimate interest in data processing prevails at this point.
Cookies are data that are stored on your computer by a website that you visit and enable your browser to be reassigned. Cookies are used to transmit information to the location that sets the cookie. Cookies can store various information, such as your language settings, the duration of your visit to our website or the entries you have made there. This avoids, for example, you having to re-enter the required form data each time you use it. The information stored in cookies can also be used to identify preferences and align content with areas of interest.
There are different types of cookies: session cookies are data volumes that are only stored temporarily in the main memory and are deleted when you close your browser. Permanent or persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. The information from these cookies may also be stored in text files on your computer. However, you can also delete these cookies at any time via your browser settings.
First-party cookies are set by the website you are currently visiting. Only this website may read information from these cookies. Third-party cookies are set by organizations that do not operate the website you are visiting. These cookies are used, for example, by marketing companies.
The legal basis for possible processing of personal data using cookies and their storage duration may vary. If you have given us your consent, the legal basis is Art. 6 (1) p. 1 lit. a GDPR. If the data processing is based on our overriding legitimate interests, the legal basis is Art. 6 (1) p. 1 lit. f GDPR. The stated purpose then corresponds to our legitimate interest.
Insofar as we access an end device used by you within the meaning of Section 2 (2) no. 6 TDDDG with cookies or similar technologies, by storing or reading information there independently of personal references, we will obtain your purpose-related, voluntary and informed consent in accordance with Section 25 (1) TDDDG.
Insofar as the consent can be bundled according to the GDPR and the TDDDG, we will obtain it in a standardized manner.
No consent under the TDDDG is required for access to information in your terminal device that is already stored there and has been sent to us by actively transmitting it; this concerns the public IP address of the terminal device, the address of the website accessed, the user agent string with browser and operating system including version and the language set.
Furthermore, consent under the TDDDG is not required if the cookie or similar technology is used to ensure the transmission of a message over a public telecommunications network (Section 25 (2) no. 1 TDDDG) or if the setting of the cookies and thus the storage of information in your terminal equipment or access to information already stored in your terminal equipment is absolutely necessary to provide a telemedia service expressly requested by you (Section 25 (2) no. 2 TDDDG).
We use cookies to ensure the proper functioning of the website and to provide basic functionality.
You can delete cookies already stored on your device at any time. If you want to prevent cookies from being stored, you can do so through the settings in your internet browser. Alternatively, you can also install so-called ad blockers. Please note that individual functions of our website may not work if you have disabled the use of cookies.
According to the law, we can store cookies on your device if they are absolutely necessary for the operation of this site. For all other types of cookies, we need your consent. However, such processing activities that require consent do not take place on the website.
The following technically necessary cookies are set:
Cookie: wpEmojiSettingsSupports
Description: WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user’s browser can display emojis properly.
Duration: Session
In principle, your personal data will not be transmitted to third parties unless we are legally obliged to do so, or the data transfer is necessary for the execution of the contractual relationship, or you have expressly consented to the transfer of your data in advance.
External service providers and partner companies, such as IT service providers, will only receive your data to the extent necessary. In these cases, however, the amount of data transmitted is limited to the required minimum. Insofar as our service providers process your personal data on our behalf, we ensure that they comply with the provisions of data protection laws in the same way as part of the order processing in accordance with Art. 28 GDPR.
Please also note the privacy policies of the respective providers. The respective service provider is responsible for the content of external services, although we do check that the services comply with legal requirements as far as is reasonably possible.
We attach great importance to processing your data within the EU/EEA. However, we may use service providers that process data outside the EU/EEA. In such cases, we ensure that an adequate level of data protection, comparable to standards within the EU, is established at the recipient’s end before your personal data is transferred. This can be achieved, for example, with EU standard contracts or binding corporate rules or special agreements to which the company can subject itself.
We have taken extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological progress.
ST3AM wurde im Rahmen der Gemeinschaftsaufgabe „Verbesserung der regionalen Wirtschaftsstruktur“ (GRW) mit Bundes- und Landesmitteln gefördert.