Provider / Responsible person
Zahnen Technik GmbH
Bahnhofstrasse 24
D-54687 Arzfeld
Phone: +49 6550 / 9290 – 0
Fax: +49 6550 / 9290 – 129
E-mail: info [at] zahnen-technik.de
Data Protection Officer
You can contact our data protection officer at the following e-mail address:
datenschutz@zahnen-technik.de
Competent supervisory authority
The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
P.O. Box 3040
55020 Mainz
Phone: +49 6131 / 8920 – 0
Fax: +49 6131 / 8920 – 299
Mail: poststelle@datenschutz.rlp.de
Scope of the privacy policy
This privacy policy applies to our offer to contact our company via WhatsApp. The part that we influence ourselves is within the scope of application: Namely, that we do not independently transmit any personal data from you to WhatsApp, but merely make the use of the "WhatsApp" platform available to you as a voluntary contact option.
The use of WhatsApp must be initiated by each user themselves and the terms of use required upon registration must be accepted. These terms of use govern the data protection regulations between the provider WhatsApp and the user (you) and are not our responsibility.
The terms of use of other providers to which reference is made, e.g. via links in the course of communication, are governed by their terms of use. Insofar as links are provided to other sites, we have neither influence nor control over the linked content and the data protection provisions there.
Definitions of terms
Art. 4 No. 1 GDPR: "Personal data" [means] any information relating to an identified or identifiable natural person (hereinafter "data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Art. 4 No. 2 GDPR: "Processing" [means] any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Art. 4 No. 7 GDPR: "Controller" [means] the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Art. 4 No. 8 GDPR: "Processor" [is] a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Art. 4 No. 9 GDPR: "Recipient" [means] a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not that person is a third party. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Art. 4 No. 10 GDPR: "Third party" [means] a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Principles of processing
Art. 5 para. 1 lit. a GDPR: Personal data must be processed […] lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency").
Art. 5 para. 1 lit. f GDPR: Personal data must […] be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organizational measures ("integrity and confidentiality").
Art. 29 GDPR: The processor and any person under the authority of the controller or processor who has access to personal data may only process these data on the instructions of the controller, unless they are obliged to do so under Union law or the law of the Member States.
Art. 32 para. 2 GDPR: In assessing the appropriate level of protection, particular account shall be taken of the risks associated with the processing, in particular from destruction, loss or alteration, whether accidental or unlawful, or unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
Art. 33 para. 1 sentence 1 GDPR: In the event of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the […] competent supervisory authority, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
Processing purpose
The provision of the option to contact us via WhatsApp is based on our legitimate interest (Art. 6 para. 1 lit. f GDPR) in being able to provide you with a simple way to contact our company quickly and flexibly.
The use of this service is voluntary and not obligatory. Under no circumstances do we expect you to register with WhatsApp in order to contact us. Since you contact us yourself (initially) to use our service, we assume that your contact with us constitutes consent by implication.
As part of our processing, we do not intend to establish initial contact with you via WhatsApp or to transmit your data independently to WhatsApp or other providers.
To fulfill our processing purposes, we therefore use the more data protection-friendly alternative "WhatsApp Business" on a dedicated device, without an address book. By using "WhatsApp Business", the provider "WhatsApp Ireland Ltd." becomes a processor for us, with whom we have concluded a corresponding data processing agreement in accordance with Art. 28 GDPR. This means that WhatsApp may only process the data of our communication in accordance with our instructions and may not process it for other purposes within the scope of order processing.
We refrain from saving the communication content so that your data is not passed on to third parties.
However, this does not affect WhatsApp's terms of use for private users, which you agreed to when you created your WhatsApp account. This User Agreement is between the end user (you) and WhatsApp. As part of your consent to the user agreement with the provider "WhatsApp", WhatsApp may process your data independently elsewhere and pass it on within the group and cooperation structures. This processing is carried out by the provider "WhatsApp" on its own responsibility and is in no way instructed by us. The terms of use for WhatsApp for private users can be found here: https://www.whatsapp.com/legal/terms-of-service-eea
Categories of personal data collected
When you use our website, we process the following personal data about you: Telephone number, name, address (if applicable) and other personal information transmitted in the course of processing, message history, contact times and communication statistics.
In order for the communication to work, the platform provider also processes other technical information that may allow conclusions to be drawn about you personally. This information is called "metadata" and includes information such as: technical availability, encryption status, conversation partner and duration, etc.
Since the underlying platform "WhatsApp" is used, further data categories are also processed by the provider WhatsApp for the technical provision of the platform offer. These include, among others: Usage, log and functional information, performance, diagnostic and analysis information, information about you from other sources (e.g. from other WhatsApp users, companies, third-party companies and the other meta-companies). The processing of this information by WhatsApp is consented to by each user by accepting the terms of use when creating a private WhatsApp account. This processing is not based on our processing and the underlying order processing, but is carried out by WhatsApp on its own responsibility.
Recipient of the data
The recipient of the data is the company WhatsApp Ireland Ltd. and WhatsApp LLC. Both companies share their data with other meta-companies.
A list of associated meta-companies (and therefore potential data recipients) can be found here: https://faq.whatsapp.com/481188387305001/?locale=de_DE
Third country transfer and ensuring the level of data protection
WhatsApp is a messenger service that belongs to the Meta Group and is provided by the provider WhatsApp LLC (for the EU WhatsApp Ireland Ltd.).
When using WhatsApp in the European region, there is no guarantee that the data will not also be passed on to third-party companies in third countries, as WhatsApp Ireland Ltd. also shares data with partner companies in third countries (including the USA, UK, Singapore and Israel). Furthermore, the terms of use state that WhatsApp also shares data with other companies in the Meta Group that are not necessarily based in the EU.
We cannot guarantee the level of data protection when transferring data to affiliated companies of WhatsApp Ireland Ltd. in third countries.
The responsible service provider of the "WhatsApp" communication platform in the EU is WhatsApp Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("WhatsApp Ireland").
A corresponding data processing agreement in accordance with Art. 28 GDPR has been concluded with WhatsApp Ireland for the purposes of our processing, in which WhatsApp assures us that the data collected there will not be used for WhatsApp's own data processing when using the "WhatsApp Business" variant.
Storage duration and criteria
We ourselves store the data for our joint communication on a local end device without a backup function or data synchronization with other services for a maximum period of one year after the last communication with you.
We cannot make any statement regarding the storage period of the data in the area of the use of the "WhatsApp" platform and refer to WhatsApp's privacy policy: https://www.whatsapp.com/legal/terms-of-service-eea
Regulation on the provision of data
There is no contractual requirement to provide the data. If you do not provide your data, you will not be able to use our WhatsApp contact service.
However, this will not put you at a disadvantage as you can still reach us via the usual contact channels (telephone, e-mail).
Source of the collected data
The data collected by WhatsApp for the use of the platform is collected directly when you register with the service provider.
Data processed by us is collected directly from you in the course of communication.
Automated decision making
Your personal data stored by us is not subject to automated decision-making with legal consequences, including profiling by our company.
The data stored by the service provider WhatsApp is presumably used for profiling as part of its own processing.
Your rights as a data subject
Right to information (Art. 15 GDPR)
You have the right to ask us at any time to what extent we process which of your data and where it may be passed on.
Right to rectification (Art. 16 GDPR)
If we process incorrect data about you, you naturally have the right to demand that we correct our data about you.
Right to erasure (Art. 17 GDPR)
If you no longer wish us to process your data, you have the option of contacting us and insisting that we delete your data, provided that we do not breach any other legal obligations.
Right to restriction of processing (Art. 18 GDPR)
As an alternative to erasure, you may also prohibit us from continuing to actively process your data. This could occur, for example, if we have not yet been able to correct your data record and should not process any further "incorrect" information from you or if our processing purpose has expired.
Right of withdrawal
If we have your consent, which explicitly permits the processing of your data, you may revoke this at any time.
Right to complain
Of course, you also have the right to complain about us and our data protection at any time. To do so, please contact the competent supervisory authority. You will find the contact details at the top of this page.
