Privacy Policy

We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of WÜRZ GMBH. The use of the Internet pages of the WÜRZ GMBH is possible without any indication of personal data. However, if a data subject wants to use special services of our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and if there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the country-specific data protection regulations applicable to the WÜRZ GMBH. By means of this data protection declaration, our enterprise would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed of their rights by means of this data protection declaration.

As the controller, the WÜRZ GMBH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.


1. Name and address of the data controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Hanns-Martin-Schleyer-Strasse 20a
47877 Willich
Tel.: 0049-(0)2154-4811-0


2. Name and address of the data protection officer

The data protection officer of the controller is:

Christina Bölling
Hanns-Martin-Schleyer-Strasse 20a
47877 Willich
Tel.: 0049-2154-4811-0

Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.


3. Hosting, access data and encryption

You can visit our websites without providing any personal information. Each time you access a website, the web server only automatically saves a so-called server log file, which contains, e.g.

  • the name of the requested file
  • your IP address,
  • date and time of the request,
  • the amount of data transferred and
  • the requesting provider (access data) and documents the retrieval.

This access data is evaluated exclusively for the purpose of ensuring the trouble-free operation of the website and improving our Internet offering. In accordance with Art. 6 Para. 1 S. 1 lit. f DSGVO, this serves to protect our legitimate interests in the correct presentation of our website, which are outweighed by our interests. All access data is deleted within seven days of the end of your visit to the site.

The data is stored for security reasons, e.g. to be able to clarify cases of abuse. If data must be retained for evidentiary reasons, it is exempt from deletion until the incident has been finally clarified.

In order to protect your transmitted data as best as possible, the website operators use SSL encryption. You can recognise such encrypted connections by the prefix “https://” in the page link in the address line of your browser. Unencrypted pages are marked with “http://”. Thanks to SSL encryption, all data that you transmit to this website – for example, when making enquiries or logging in – cannot be read by third parties.


4. Cookies

The internet pages of WÜRZ GMBH use cookies. Cookies are text files that are stored on a computer system via an internet browser.

Numerous Internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which Internet pages and servers can be assigned to the specific Internet browser in which the cookie was stored. This enables the visited Internet pages and servers to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID.

Through the use of cookies, the WÜRZ GMBH can provide the users of this website with more user-friendly services that would not be possible without the cookie setting.

By means of a cookie, the information and offers on our website can be optimised for the benefit of the user. As already mentioned, cookies enable us to recognise the users of our website. The purpose of this recognition is to make it easier for users to use our website.

The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programmes. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

Each browser differs in the way it manages cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings. This can be found for each browser by following the links below:

Internet Explorer™

If cookies are not accepted, the functionality of our website may be limited.


5. Contact option via the website

Based on statutory provisions, the website of the WÜRZ GMBH contains data that enable a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or by using a contact form, the personal data transmitted by the data subject will be stored automatically. This personal data is not disclosed to third parties. The processing of the data is based on a legitimate interest (Art. 6 para. 1 lit. f DSGVO) in the effective processing of enquiries addressed to us. If you contact us to request a quotation, the data is processed to carry out pre-contractual measures (Art. 6 para. 1 lit. b DSGVO). The transmitted data will be deleted as soon as the purpose for storing the data no longer applies. If a contractual relationship arises, we are subject to the statutory retention periods and delete your data after these periods have expired.


6. Rights of the data subject

a) Right to information

Every data subject has the right granted by the European Directive and Regulation to obtain confirmation from the controller as to whether personal data concerning him or her are being processed. In accordance with Article 15 of the GDPR, every data subject has the right to obtain information about the personal data stored about him or her and a copy of that information.

b) Right to rectification

Pursuant to Article 16 of the GDPR, every person affected by the processing of personal data has the right to demand that inaccurate personal data relating to him or her be corrected without delay. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

d) Right to erasure (right to be forgotten)

Pursuant to Article 17(1) of the GDPR, every person affected by the processing of personal data has the right to demand from the controller that the personal data concerning him or her be erased without undue delay. The right does not exist insofar as the processing is necessary pursuant to Art. 17 (3) DSGVO.

e) Right to restriction of processing

Any person affected by the processing of personal data has the right, pursuant to Article 18 of the GDPR, to request the controller to restrict the processing.

f) Right to data portability

Any person affected by the processing of personal data has the right, pursuant to Article 20 of the GDPR, to have personal data concerning him or her transferred.

g) Right to object

Any person affected by the processing of personal data has the right, pursuant to Art. 21 DSGVO, to object at any time, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out on the basis of Art. 6(1)(e) or (f) DSGVO.

h) Right to withdraw consent under data protection law

Any person affected by the processing of personal data has the right to revoke consent to the processing of personal data at any time in accordance with Art. 7(3) DSGVO. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

If the data subject wishes to exercise the right to withdraw consent, he or she may, at any time, contact our Data Protection Officer or another employee of the controller.

i) Exercising your rights

To exercise your rights, you can contact the controller or the data protection officer using the contact details provided above. With regard to the right to information and the right to erasure, the restrictions pursuant to Sections 34 and 35 BDSG apply.

j) Right to complain to the supervisory authority pursuant to Art. 77 (1) DSGVO

In addition, there is a right of appeal to the competent supervisory authority:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.
PO Box 20 04 44
40102 Düsseldorf
Tel.: 0211/38424-0
Fax: +49 211/38424-999

The data subject is also free to submit his/her complaint to the supervisory authority in the member state of his/her habitual residence, place of work or place of the alleged infringement.


7. Data protection during job applications and the application procedure

The controller collects and processes the personal data of applicants for the purpose of managing the application procedure. The processing may also be carried out by electronic means. This is the case in particular if an applicant submits relevant application documents by electronic means. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).


8. Legal basis of the processing

Art. 6 I lit. a DS-GVO serves as the legal basis for our company for processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations that are necessary for the delivery of goods or the provision of another service or consideration, the processing is based on Article 6 I lit. b DS-GVO. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services. If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c DS-GVO. In rare cases, the processing of personal data might become necessary in order to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result his or her name, age, health insurance details or other vital information had to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6 I lit. d DS-GVO. Finally, processing operations could be based on Art. 6 I lit. f DS-GVO. Processing operations which are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. Such processing operations are permitted to us in particular because they were specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (recital 47, sentence 2 of the GDPR).


9. Duration for which the personal data are stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After expiry of the period, the corresponding data is routinely deleted if it is no longer required for the performance of the contract or the initiation of the contract.


10. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-provision

We inform you that the provision of personal data is sometimes required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information on the contractual partner). Sometimes, in order to conclude a contract, it may be necessary for a data subject to provide us with personal data that must subsequently be processed by us. For example, the data subject is obliged to provide us with personal data if our company concludes a contract with him or her. Failure to provide the personal data would mean that the contract could not be concluded with the data subject.


11. Existence of automated decision-making

As a responsible company, we do not use automated decision-making or profiling.


Current status: Willich, 01.07.2021



The data protection declaration of WÜRZ GMBH is based on the terms used by the European Directive and Ordinance Maker when issuing the Basic Data Protection Regulation (DS-GVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used.

We use the following terms, among others, in this data protection declaration:

(a) personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

(c) processing

Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling

Profiling shall mean any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.

f) Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or data controller

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

(h) Processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

(i) Recipient

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.(j) third party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

k) Consent

Consent is any freely given specific and informed indication of his or her wishes, in the form of a statement or other unambiguous affirmative act, by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.