DATA PROTECTION

The protection of your personal data is important to us. Your personal data will therefore be processed in accordance with the statutory data protection regulations. In our “Data protection information” we inform you about the processing of your personal data by us and the rights to which you are entitled under the General Data Protection Regulation (GDPR). You will find all relevant information on the processing of your personal data when you visit our website in our “Data protection information”.

If you wish to change your data protection settings, you can adjust your consent at here.

Last update: 31. 01. 2023

Data protection information of Westernacher Solutions GmbH

We hereby inform you about the processing of your personal data by Westernacher Solutions GmbH and the rights to which you are entitled under the GDPR.

Person responsible

Westernacher Solutions GmbH
Columbiadamm 37
10965 Berlin, Germany
Phone: + 49 30-5858122-5
E-mail: solutions@westernacher.com

Data protection officer

Krisp Services GmbH & Co KG
Mrs. Heike Kraus
Von-Reichenau-Str. 6a
69231 Rauenberg
Phone: 06222 / 938666
E-mail: westernacher@krisp.services

Note on e-mail communication and the secure exchange of data

We would like to point out that emails sent without end-to-end encryption could be read or modified during transmission without authorization or detection. We therefore recommend that you do not send us any sensitive information by e-mail. E-mails containing personal data and/or sensitive information should be sent with at least transport encryption. If you require further information on encryption options or on secure data exchange in general, please get in touch with your direct contact at our company so that together we can find a practicable solution to make the exchange of data as secure as possible.

Personal data processed by us

We process personal data in various contexts:

Personal data of our customers, suppliers and service providers are processed for the execution of orders, for invoicing and subsequent accounting as well as for administration and contact. This includes:

  • Master data (surname, first name, address, contact data, payment data, partner status, partner number)
  • Communication and order data (times and content of conversations, orders placed, order history)
  • Data on order execution (order date, service content, cost estimate or invoice, information on order execution, deadlines, etc.)

The processing of the personal data of applicants and employees is explained directly at the time of collection (see below Own services>Applications) or internally via corresponding information sheets or the intranet.

Purposes and legal bases of data processing

We process your personal data in accordance with the provisions of the GDPR and the German Federal Data Protection Act (BDSG).

The legal basis for the processing of your data is Art. 6 para. 1 lit. b GDPR, i.e. the data is required for the performance of a contract or pre-contractual legal relationship. Insofar as special categories of personal data are required for this, we request your prior consent in accordance with Art. 9 para. 2 lit. a GDPR in conjunction with Art. 7 GDPR. We also process your data if this is required under Art. 6 para. 1 lit. f GDPR is required to protect our legitimate interests or those of third parties. This may be the case in particular:

  • for advertising our own products and other products of the group of companies as well as for market and opinion surveys
  • to ensure the security of our systems
  • for the prevention and investigation of criminal offenses, in particular data analysis to detect indications that could point to abuse

In addition, we process your personal data to fulfill legal obligations (e.g. regulatory requirements, commercial and tax retention obligations). The legal basis for this is the respective legal regulation in conjunction with Art. 6 para. 1 lit. c GDPR.

If you have given your consent, for example for advertising and marketing purposes, the data will also be processed for the purposes stated in the consent. The legal basis for this data processing is Art. 6 para. 1 lit. a GDPR. You can revoke your consent to the use of your personal data for advertising and marketing purposes at any time.

If we wish to process your personal data for any other purpose not mentioned above, we will inform you in advance.

Recipients of your data

If necessary for contract processing, we will transfer your data to other service partners, e.g. to locations of the Westernacher Group for the purposes of project processing and sales. In the context of certain service relationships, your data will, for example to tax authorities, banks, tax consultants for the execution of financial transactions, credit agencies for the collection of information, debt collection agencies for the collection of receivables, lawyers for legal services, disposal companies for the disposal of physical files and data carriers as well as postal and parcel service providers for the execution of postal mailings and dispatch of articles (e.g. brochures).

For further information, please contact the data protection officer using the contact details provided.

Duration of data storage

We delete your personal data as soon as it is no longer required for the above-mentioned purposes and any existing statutory retention periods have expired.

Obligations to provide evidence and retain records arise from the German Commercial Code, the German Fiscal Code and the German Money Laundering Act, among others. The storage periods are then up to ten years.

If claims can be asserted against our company, we will retain the data until expiry of the relevant statutory limitation periods. We retain personal data that is relevant to an existing legal dispute until the legal dispute has been concluded.

Your rights

You can request information about your data stored by us at any time. You also have the right to demand the correction of incorrect data or, if the legal requirements are met, the correction, restriction or deletion of your data.

You can informally object to the use of your data for the purposes of direct advertising or market research or for the needs-based design of telemedia at any time.

You can revoke your consent informally by contacting the data protection officer using the contact details given above. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

Upon request, we will send you your data stored by us in a structured, commonly used and machine-readable format that you can use for further processing.

To exercise all these rights and for all other questions or complaints about data protection, you can contact our data protection officer at any time using the contact details above.
You also have the right to lodge a complaint with a data protection supervisory authority at any time.

Data protection information on the use of our websites

We hereby inform you about the processing of your personal data by Westernacher Solutions GmbH when using our websites and the rights to which you are entitled under the GDPR. Art. 13 GDPR.

Objectives and contacts

This data protection information clarifies the type, scope and purpose of the processing (including collection, processing and use as well as obtaining consent) of personal data when using our website, its functions and content. The data protection information applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the website is run.

The controller is Westernacher Solutions GmbH, Managing Director: Dr. Heiko Pfeffer-Orth, Columbiadamm 37, 10965 Berlin (hereinafter referred to as “provider”, “we” or “us”). For contact details, please refer to our legal notice.

You can contact our data protection officer at any time with a request for information at the following e-mail address:

Krisp Services GmbH & Co KG
Mrs. Heike Kraus
Von-Reichenau-Str. 6a
69231 Rauenberg
Phone: 06222 / 938666
E-mail: westernacher@krisp.services

Transmission security

By default, this website offers the so-called SSL security system (Secure Socket Layer) in conjunction with 128-bit encryption for data transfer in order to protect the data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures are continuously adapted in line with technological developments. You can recognize the encrypted data transmission by the closed representation of a key or lock symbol in the upper status bar of your browser.

Collection of usage data when visiting this website

When you use any website, a range of information about you as a user is collected, which can at least theoretically be linked to a specific user via the IP address, specific user settings, cookies or other identification options. This data is used for technical purposes to display the page and to optimize the page by statistically recording user behavior, but can also be used to redisplay information or entries already made to the user after an abort.

Transmission of browser data and settings

The following describes which usage data is collected on this site and which other services are used on this site. In the case of purely informational use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our hosting provider. We host our website with our processor Raidboxes (RAIDBOXES GmbH, Friedrich-Ebert-Straße 7, 48153 Münster, Germany). Connection data is processed for the purpose of providing and delivering the website. For the sole purpose of delivering and providing the website, the data is not stored beyond the call. The legal basis for data processing is the legitimate interest (absolute technical necessity for the provision and delivery of the “website” service expressly requested by you by calling it up), Art. 6 para. 1 lit. f GDPR. In order to operate the website, the connection data and other personal data are also processed as part of various other functions and services. Detailed information on this is provided in this data protection notice for the individual functions and services.

We log and save log files on the server side, in particular in the event of errors, e.g. log-ins. IP addresses are stored for up to 365 days. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR, the legitimate interest in error analysis and correction.

As part of the above-mentioned logging and for display purposes, the following data is collected, which is technically necessary to display our website to you and to ensure its stability and security. The legal basis for processing is Art. 6 para. 1 lit. f GDPR (legitimate interest):

  • IP address
  • Date and time of the request
  • Content of the request (specific page)
  • Access status / https status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser used
  • Operating system
  • Language and version of the browser software
  • Referrer (origin page)
  • Other technical parameters, e.g.
    • JavaScript support
    • Number and type of installed plug-ins
    • Size of the browser window
    • Resolution of the screen
    • Supported languages
    • Installed fonts

Basic information on data processing

We process your personal data as a user of our website in compliance with the relevant data protection regulations in accordance with the principles of data minimization and data avoidance. This means that your data will only be processed if there is legal permission or if required by law or if you have given your consent.

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and that the data processed by us is protected against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

Recipients outside the EU

When using the website, it may also be necessary to transfer your personal data to a country outside the EU or the EEA (hereinafter referred to as a third country). Usage data may be transferred outside the EU if various providers of advertising services, analysis services or services integrated into this website are based outside the EU and parts of the processing within the scope of these services are carried out via servers outside the EU. Reference is made to these services below by means of corresponding notes. In these cases, only the data required for processing is transferred, but no adequate level of data protection can be guaranteed for processing abroad or by the recipient.

The legal basis for the international transfer is your consent to this use of services in accordance with Art. 49 para. 1 lit. a GDPR. The granting of this consent is explained in the section “Tools and services”. The transfer to certain third countries entails the risk that your data may be read and analyzed by secret services and security authorities of the respective country without adequate legal protection or appropriate constitutional guarantees. As a result, there is a possibility that your personal profile may be created without your knowledge, the evaluation of which may lead to actual restrictions by these countries or to further checks by these countries.

In order to be able to offer you additional legal guarantees, standard contractual clauses are generally also concluded for the services used. In some cases, the integrated service is offered by a company based in Europe, but the data processing is carried out for certain processing purposes by a parent company based outside the EU. In these cases, the subsidiary established in Europe is responsible for ensuring compliance with the level of data protection (e.g. by concluding standard contractual clauses).

For further information, please contact the data protection officer using the contact details provided.

Your rights

As the data subject, you have the following rights vis-à-vis us:

Information

You can request information about your data stored by us at any time by contacting Westernacher Solutions GmbH or the data protection officer using the contact details given above.

Correction, restriction and deletion

You also have the right to demand the correction of incorrect data or, if the legal requirements are met, the correction, restriction or deletion of your data.

Contradiction

You can informally object to the use of your data for the purposes of direct advertising or market research at any time.

Consent given on this page can also be revoked informally using the contact details given above or via the links provided for this purpose on this website or in the e-mails that are based on your consent. This does not affect the lawfulness of the processing carried out until the revocation.

You can object to the use of web analysis tools, tracking services, re-targeting services and the collection of your usage data in general by clicking on the relevant links for the services in this privacy policy.

You can revoke the storage of your data when using the contact form on this page informally using the contact details above. In this case, we will no longer process your data unless there are compelling reasons for further storage that are worthy of protection and outweigh the revocation or the processing serves to pursue legal claims.

Data portability

Upon request, we will send you your data stored by us in a structured, commonly used and machine-readable format that you can use for further processing.

If you have any queries in this regard, please send them to the address stated in the legal notice with the addition “Data protection” or to the e-mail address westernacher@krisp.services.

Any transmission requires your unambiguous authentication as the data subject or can only be made to an address already stored in your data.

Right of appeal

You also have the right to lodge a complaint with a data protection supervisory authority at any time.

If you have any questions or complaints about data protection, you can also contact our data protection officer at any time using the contact details given above.

Own services

Contact form

You can contact us directly via a contact form on our website. All mandatory information is marked (*). The data is transmitted via a secure SSL connection. We then process the personal data entered by you for the purpose of processing your request on the basis of your consent given prior to sending in accordance with Art. 6 para. 1 lit. f GDPR. Art. 6 para. 1 lit. a GDPR.

The data you provide will be forwarded to the area you have selected and used exclusively to support you with your request. Your data will be stored as a process for reasons of traceability and for customer support and will be stored for three months after completion of the process and then deleted. You can informally withdraw your consent to the processing of your personal data at any time by contacting the data protection officer using the contact details provided. This does not affect the lawfulness of the processing carried out until the revocation.

Application

If you apply for a job with us, you will be provided with the application tool of the provider JazzHR on our website. JazzHR is responsible for the collection of usage data when using the application tool. Your submitted application data will be recorded by JazzHR on our behalf and only made available to selected employees at our company. The data you provide via the web form is transmitted via a secure TLS connection.

Data that is absolutely necessary for the acceptance of your application is marked with an asterisk.

Alternatively, you can also send us your application via the e-mail address provided. Please note that transmission by e-mail is generally not a secure method for the transmission of personal data.

As part of the application process, we process personal data from the application, i.e. your name and contact details as well as information about your education, your skills, your professional career, any personal information about your marital status and references.

The documents you send us will be deleted in full no later than three months after completion of the application process, unless an employment contract has been concluded with you. The legal basis for data processing is the (pre-)contractual relationship, Section 26 BDSG.

If we are interested in retaining your documents (e.g. for consideration when filling a position at a later date), you will be asked for your consent beforehand, unless you have already given your consent in the application form. In this case, your data will be stored for two years. The legal basis for this data processing is your consent, Art. 6 para. 1 lit. a GDPR.

If your application is not for a specific position and is not part of a specific recruitment process (talent pool), we will also store your data for two years. The legal basis for data processing is your consent, Art. 6 para. 1 lit. a GDPR.

Tools and services

Functionality and types of cookies

Cookies are small text files that are saved by your browser and stored on your end device. They contain various data, e.g. duration of the website visit or user input, but may also contain identification codes for recognition. They may originate both from us as the website provider (so-called first-party cookies) and, in the case of cooperation with third parties, also from them (so-called third-party cookies) and may be stored for different periods of time (e.g. for the duration of use of the website up to several weeks and years).

You can set your browser so that you are notified as soon as cookies are sent. You can also delete the cookies on your computer’s hard disk yourself at any time. You can prevent the storage of cookies in your browser by restricting or deactivating the storage and reading of cookies via the menu bar “Tools > Internet options > Privacy” (Internet Explorer) or “Settings > Privacy” (Firefox). In this case, the full functionality of the website will no longer be available to you.

First-party cookies

Our website uses first-party cookies, so-called “session cookies”. They are used to store data relevant to the website visit or to recognize your computer during your visit (e.g. easier password entry). These cookies do not require consent and guarantee the full technical functionality of the website. The legal basis for processing is § 25 para. 2 sentence 2 no. 2 of the Telecommunications Telemedia Data Protection Act (TTDSG).

Third-party cookies

If we work with third parties, you will be informed individually and separately about the use of such cookies and the scope of the information collected in each case within the following paragraphs on the respective third-party service providers. The legal basis for processing is your consent, § 25 para. 2 sentence 1 TTDSG, or Art. 6 para. 1 lit. a GDPR.

Use of the Borlabs cookie consent tool

This website uses the “Borlabs Cookie” tool to obtain the consent required for the use of certain cookies or pixels. In order to fulfill the consent requirements under the GDPR when using cookies and similar technologies, a banner with corresponding information is displayed at the beginning of the website use. For this purpose, you can either agree to the setting of all cookies provided on this website, select an individual setting based on certain cookie categories or not give your consent, so that only cookies that do not require consent are used (first-party cookies).

The selected setting is stored on your computer for one year by means of a cookie from the provider Borlabs GmbH, Managing Director Benjamin A. Bornschein, Hamburger Str. 11, 22083 Hamburg, Germany, on your computer for one year, unless you clear the cache of the browser you are using. This cookie is necessary for the operation of the site and does not require consent. Its use is justified by the legitimate interest in operating the website in compliance with the law and taking into account settings once selected on subsequent website visits without having to make them again (Art. 6 para. 1 lit. f GDPR).

Further information on the use of the data transmitted during use can be found at https://de.borlabs.io/datenschutz/. In addition to this consent relating to our pages, many service providers offer their own links for website-wide data protection objections, which we refer to in our data protection information for the sake of completeness. Consents given on our website using the Borlabs tool do not result in the revocation of such existing or future objections to individual providers.

Usage data may be transferred outside the EU if various providers of advertising services, analysis services or services integrated into this website are based outside the EU and parts of the processing within the scope of these services are carried out via servers outside the EU. The admissibility under data protection law with regard to the international transfer therefore only arises here through your consent to this use of the service, Art. 49 para. 1 lit. a GDPR. The risks associated with such a transfer are described under “Transfers to recipients outside the EU”.

The adjustment and/or revocation of cookie settings already made can be made at any time here.

Allocation of responsibility for external services

All services of third-party providers (third-party services) include a transmission to the service providers and, if applicable, a transmission to the data controller. the service providers’ own processing operations. We conclude the necessary contractual arrangements with the third-party service providers. If services are provided under joint responsibility in accordance with. Art. 26 GDPR, then both we and the corresponding service provider are jointly responsible for the purposes and means of processing the data. Which processing is carried out by whom must be contractually regulated with the service provider. The service provider (joint controller) is then regularly responsible for mergers and personal evaluations of usage data, naming and justifying the legal basis of its own processing and, if necessary, providing anonymized evaluation results for our website.

As joint controllers, we are responsible for setting the respective cookies and transmitting the usage data from our website. However, you can assert your data subject rights against both jointly responsible parties irrespective of this allocation.

In many cases, service providers only offer outdated or inadequate contracts that do not yet meet the current requirements of the data protection supervisory authorities. Nevertheless, the existing contracts are regularly concluded automatically and unalterably when the service is used. It is assumed that the service providers will make the adjustments announced here. Irrespective of this, any transfers currently taking place on our part are based entirely on the consent obtained with the privacy settings banner.

Analysis service: Google Analytics

Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, is used for the purpose of tailoring the website and analyzing the general usage behavior of users on the website.
Google Analytics uses so-called “cookies”. Google Ireland Ltd. is independently responsible for forwarding data to countries outside Europe. The legal basis for this processing is your consent, Art. 6 para. 1 lit. a GDPR.

The service is obtained exclusively from Google Ireland Ltd. If the data is forwarded to US servers or other servers outside Europe, Google is responsible for the lawfulness of the transfer, in particular for sufficient guarantees of data protection. By consenting to the service mentioned here, you also consent to any data transfers we make outside the EU, even if there are no further guarantees and no adequacy decision to ensure the level of data protection, Art. 49 para. 1 lit. a GDPR. Re. the security risks in this regard, reference is made to “Transfers to recipients outside the EU”.

We have activated the IP anonymization offered by Google on this website. As a result, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area prior to use and further transmission. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use the information collected through the use of cookies to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. Further information on the use of data by Google, setting and revocation options can be found on Google’s websites:

(Google Privacy Policy): https://policies.google.com/privacy?hl=de&gl=de and under the terms of use (Terms): https://policies.google.com/terms?hl=de&gl=de, and under:

The IP address transmitted by your browser as part of Google Analytics is not merged with other Google data (see anonymization). You can prevent the storage of cookies in your browser cache by setting your browser software accordingly; however, we would like to point out that in this case you may not be able to use all the functions of this website to their full extent.

In addition to the settings made for our site, you can also object to this data processing generated by the cookie for the browser you are using at any time with effect for the future by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

Please note that the use of the browser plug-in is limited to the respective browser and also to the respective computer and may not be deactivated or deleted after installation in order to maintain the deactivation of Google Analytics. Google’s privacy policy can be viewed at http://www.google.com/intl/de/policies/privacy/.

Use of social media services and own websites

Our website contains links to the social media services listed below. On the one hand, social media services can act like conventional marketing services towards non-members, but towards members they have the special feature that data collected via this website can be linked to the existing member account.

A basic distinction must be made between different services and functions of social media services. On the one hand, social media services offer to place user-customized advertising on their platforms or to display advertising on linked pages, taking their user profiles into account. In addition, they can be used via social plug-ins (e.g. Like-me or Share-me buttons) for the distribution and promotion of page content by users. In addition to this website, there may also be separate pages for our company presentation on the social media platform.

You can find us on the following platforms:

LinkedIn: https://www.linkedin.com/company/westernacher-solutions/

XING: https://www.xing.com/pages/westernacher-solutions

Twitter: https://twitter.com/westernachersol

We have concluded the necessary data protection agreements with the respective service providers. The purpose and scope of data collection, further processing and use of the data by the social networks as well as your rights in this regard and setting options to protect your privacy can be found in the data protection notices of the respective social networks, which are described in detail below.

On the one hand, we link to the relevant pages on our website, and we also offer the option of sharing our content in the aforementioned social media services in certain areas using share buttons. These are links to websites that are not protected under Art. 6 para. 1 lit. a GDPR are subject to consent. We use these linking options to improve the reach and visibility of the company and rely on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

LinkedIn

LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland) is used to network professionals and executives worldwide. Registered users can interact with each other to increase business and career opportunities. On our website you have the option of being forwarded directly to our LinkedIn profile.

Our LinkedIn profile

When you visit our LinkedIn profile, you are on the LinkedIn platform. The evaluation data of the website provider is only made available to us in anonymized form (statistical values). The joint responsibility described above exists for the data processing required for this purpose.

Our legal basis for data processing here is the legitimate interest in counting the users of our LinkedIn profile, Art. 6 para. 1 lit. f GDPR. This relates to our interest in measuring and evaluating page effectiveness.

LinkedIn marketing services

Through pixels and the link to our LinkedIn profile, LinkedIn collects data about the use of our site (browser and device settings, usage times and objects, existing identifiers). The purpose is to display user-customized advertising on the LinkedIn platform. The basis for this data transmission from our website is your consent given at the beginning of the first use of the site, Art. 6 para. 1 a GDPR.

Further information can be found in the privacy policy at: https://de.linkedin.com/legal/l/dpa?. The joint controller agreement and the respective responsibilities can be found at: https://legal.linkedin.com/pages-joint-controller-addendum

Xing

XING (New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany) is a social network that offers the creation of company pages in addition to private profiles. Company information (e.g. service descriptions, contact options, photos) can be documented on these pages. XING users have access to this information. You can also write your own posts and share content. The functions are carried out under the user’s own responsibility.

Our XING profile

When you visit our XING profile, you are on the XING platform. The evaluation data of the website provider is only made available to us in anonymized form (statistical values). The joint responsibility described above exists for the data processing required for this purpose.
Our legal basis for data processing here is the legitimate interest in counting the users of our XING profile, Art. 6 para. 1 lit. f GDPR. This relates to our interest in measuring and evaluating page effectiveness.

Further information can be found in the privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung.

The joint controller agreement and the respective responsibilities can be found at: https://www.xing.com/terms/onlyfy-one#h2-vereinbarung-zur-gemeinsamen-datenschutzrechtlichen-verantwortlichkeit

Twitter

We also maintain a presence on the Twitter service: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland, parent company: Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA; https://twitter.com.

When you visit our Twitter profile, you are on the Twitter platform. We would like to point out that you use our website and the use of interactive functions on your own responsibility. The evaluation data of the website provider is only made available to us in anonymized form (statistical values).

Our legal basis for data processing here is the legitimate interest in counting the users of our Twitter profile, Art. 6 para. 1 lit. f GDPR. This relates to our interest in measuring and evaluating page effectiveness.

Further information on data protection can be found at: https://twitter.com/de/privacy; https://twitter.com/de/privacy and https://twitter.com/personalization. The data processing agreement provided by Twitter can be found here: https://privacy.twitter.com/en/for-our-partners/global-dpa.

Supplementary notes

Changes to security and data protection measures will result in an adjustment to this data protection notice. Please refer to the latest version on our website.

For questions of a general nature, please contact us (solutions@westernacher.com). If you have any questions about data protection, please contact our data protection officer(westernacher@krisp.services).

Data protection information for the beA Service Desk

Westernacher Solutions GmbH (Columbiadamm 37, 10965, Berlin, Germany, e-mail: datenschutz@westernacher.com) is part of the “WesRoc GbR” consortium together with rockenstein AG (Ohmstraße 12, 97076 Würzburg, Germany). It operates the beA Service Desk on behalf of the Federal Chamber of Lawyers (BRAK) (Littenstraße 9, 10179 Berlin) and provides support services in relation to beA.

The processing is based on the legal obligation and performance of a public task of BRAK pursuant to Art. Art. 6 para. 1 lit. c resp. e GDPR, which take place through the assumption of the services described here by WesRoc GbR in the order processing relationship, Art. 6 para. 1 lit b. GDPR.

If you have any questions about data protection, please contact the data protection officer of Westernacher Solutions GmbH, Ms. Heike Kraus at westernacher@krisp.services and the data protection officer of BRAK, Mr. Gerald Böhmer, mb-datenschutz at gb@mb-datenschutz.de (secure contact form: https://mb-datenschutz.de/kontakt/).

For further information on data protection at BRAK, please visit: https://www.brak.de/datenschutzerklaerung/

In the following, we inform you about our service provision and the processing of personal data in relation to the beA Service Desk and the available communication channels (telephone and e-mail).

Generally applicable information for the communication channels with support described below:

beA mailboxes are available in several variants. Since – with the exception of the decoupling process (see regulation case no. 6 in the following table, may only be carried out by the mailbox holder themselves for security reasons) – only technical support services with generic information content are offered, the regulations formulated below apply to the mailbox options:

  1. User with own mailbox (lawyer), beA card basis
  2. Users without their own mailbox (other employees), beA card employees
  3. User of an organizational mailbox (represents a mailbox of an organization; the BRAK, the regional bar associations including the bar association at the Federal Court of Justice, the bar courts and the arbitration board of the legal profession have an organizational mailbox in the beA system).

Inquiries by phone

When you call the Westernacher Solutions GmbH Service Desk, the support employee will open a ticket in the support tool and ask for your surname, first name, telephone number and, if necessary, your e-mail address. If required, an additional telephone number can be stored for a callback. If telephone numbers are given for call-backs to third parties, the law firm number must be given. This is compared by the support employee with the one in the Federal Official Register of Lawyers (BRAV). Callbacks to mobile phones that have not called themselves are not made. The support employee answers the telephone inquiry directly or puts it on hold if a direct answer is not possible.

When the ticket is created, you will receive confirmation that the request has been accepted at the e-mail address you may have provided. In principle, the information exchanged is technical content or support aids and not confidential or personal data. As a result, no increased authentication requirements are envisaged for these use cases.

To help you solve your support issue, we use TeamViewer software at your request, which enables your current screen view to be shared with a support employee. You can find more information below in the “Third-party service” section.

Your completed support request will be deleted after three months.

You can informally object to the processing of your personal data at any time by contacting the data protection officer using the contact details provided. This does not affect the lawfulness of the processing carried out prior to the objection.

Request by e-mail

When you send an e-mail to the Westernacher Solutions GmbH Service Desk, a ticket with your request is automatically created in the support tool.

You will receive a confirmation to the e-mail address you provided that the request has been accepted. You will also be contacted by e-mail when the support employee answers your query. In principle, the information exchanged is technical content or support aids and not confidential or personal data. As a result, no increased authentication requirements are envisaged for these use cases.

Your completed support request will be deleted after three months.

You can informally object to the processing of your personal data at any time by contacting the data protection officer using the contact details provided. This does not affect the lawfulness of the processing carried out prior to the objection.

Support requests handled by Westernacher Solutions GmbH and/or the Federal Bar Association

All support requests are processed via a ticket system. In principle, support requests are processed by Westernacher Solutions GmbH on behalf of BRAK. In certain cases, it may be necessary for BRAK to process the requests. The following overview shows the support per processing operation and the personal data processed.

No.
Process name
Process description
Data subjects / personal data
Systems involved
Process support
1 Recording of telephone support requests in the support tool The support employee at the Westernacher Solutions GmbH Service Desk opens a ticket in the support tool when the person seeking support calls and asks for the relevant data. The support employee answers the telephone inquiry directly or puts you on hold if a direct answer is not possible. Surname, first name, telephone number, e-mail address if required Support tool Westernacher Solutions GmbH
2 Recording support requests by e-mail in the support tool The e-mail request triggers an automatic ticket creation in the support tool. The support seeker receives a confirmation email. E-mail address and, if applicable, telephone number of the person requesting support.

Personal data that the support seeker has added to their request.

Support tool Westernacher Solutions GmbH
3 Evaluation of support requests in the support tool or by telephone The support employee views the tickets that are in the tool. These are either telephone or email inquiries for which a ticket has been created by the support team or tickets that have been created via the service portal by the person seeking support.

The support employee assigns tickets that fall under process no. 5 and possibly no. 6 to BRAK.

E-mail address and, if applicable, telephone number of the person requesting support.

Personal data that the support seeker has added to their request.

Support tool Westernacher Solutions GmbH
4 Processing of all support requests that do not fall under process no. 5 and 6 The support employee answers the telephone inquiry directly or puts you on hold if a direct answer is not possible.

In the case of e-mail and service portal inquiries, the response is sent to the person seeking support by e-mail.

If it is a ticket created via the portal, the answer can also be found in the user area of the support seeker.

E-mail address and, if applicable, telephone number of the person requesting support.

Personal data that the support seeker has added to their request.

Support tool Westernacher Solutions GmbH
5 Special support requests: suggestions for improvement and support requests that are assigned directly to BRAK after evaluation BRAK employees will answer the support ticket by e-mail or, if necessary, by telephone. The support seeker then receives an e-mail to the e-mail address they have provided.

If it is a ticket created via the portal, the answer can also be found in the user area of the support seeker.

E-mail address and, if applicable, telephone number of the person requesting support.

Personal data that the support seeker has added to their request.

Support tool BRAK
6 Special support request: decoupling and re-registering mailboxes Under certain circumstances, the beA card must be decoupled from the mailbox and re-registered for the first time (e.g. in the event of theft or loss of functionality).

Implementation only possible by telephone request:

  • BRAK’s support staff look after cases where the person concerned does not know their password or the security question;
  • Westernacher Solutions takes care of the cases if the password and the security question have been answered correctly by the support seeker. If this is not done (e.g. only one identification feature is known), the ticket will be processed by BRAK.
Surname, first name, telephone number, reason for disconnection (e.g. card loss, marriage), callback time window if applicable,  e-mail address if required Support tool BRAK or

Westernacher Solutions GmbH

7 General viewing and planning for joint ticket management Westernacher Solutions support staff and BRAK employees review the support tickets. E-mail address and, if applicable, telephone number of the person requesting support.

Personal data that the support seeker has added to their request.

Support tool Westernacher Solutions GmbH and BRAK

Data protection information for the beA Service Desk

This data protection information clarifies the type, scope and purpose of the processing (including collection, processing and use as well as obtaining consent) of personal data when using the website https://portal.beasupport.de, its functions and content. It is operated by Westernacher Solutions GmbH as part of the “WesRoc GbR” consortium. The data protection information applies regardless of the domains, systems, platforms and devices (e.g. desktop or mobile) on which the website is run.

Transmission security

By default, the website https://portal.beasupport.de offers the so-called SSL security system (Secure Socket Layer) in conjunction with 128-bit encryption for data transfer in order to protect data against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security measures are continuously adapted in line with technological developments. You can recognize that data is transmitted in encrypted form by the closed display of a key or lock symbol in the lower status bar of your browser.

Collection of usage data when visiting this website

When you use any website, a range of information about you as a user is collected, which can at least theoretically be linked to a specific user via the IP address, specific user settings, cookies or other identification options. This data is used for technical purposes to display the page and to optimize the page by statistically recording user behavior, but can also be used to redisplay information or entries already made to the user after an abort.

Transmission of browser data and settings

The following describes which usage data is collected on the https://portal.beasupport.de website and which other services are used on this website. In the case of purely informational use of the website, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our hosting provider.

Connection data is processed for the purpose of providing and delivering the website. For the sole purpose of delivering and providing the website, the data is not stored beyond the call. The legal basis for data processing is the legitimate interest (absolute technical necessity for the provision and delivery of the “website” service expressly requested by you by calling it up), Art. 6 para. 1 lit. f GDPR. In order to operate the website, the connection data and other personal data are also processed as part of various other functions and services. Detailed information on this is provided in this data protection notice for the individual functions and services.

We log and save log files on the server side, in particular in the event of errors, e.g. log-ins. IP addresses are stored for up to 365 days. The legal basis for this processing is Art. 6 para. 1 lit. f GDPR, the legitimate interest in error analysis and correction.

If you wish to view our website, the following data is collected, which is technically necessary for us to display our website to you and to ensure stability and security. The legal basis for processing is Art. 6 para. 1 lit. f GDPR (legitimate interest):

  • IP address
  • Date and time of the request
  • Content of the request (specific page)
  • Access status / https status code
  • Amount of data transferred in each case
  • Website from which the request comes
  • Browser used
  • Operating system
  • Language and version of the browser software
  • Referrer (origin page)
  • Other technical parameters, e.g.
    • JavaScript support
    • Number and type of installed plug-ins
    • Size of the browser window
    • Resolution of the screen
    • Supported languages
    • Installed fonts

Basic information on data processing

We process personal data from you as a user of the website https://portal.beasupport.de in compliance with the relevant data protection regulations in accordance with the principles of data minimization and data avoidance. This means that your data will only be processed if there is legal permission, in particular if the data is required or legally prescribed for the provision of our contractual services and online services, or if consent has been given.

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

No personal data is forwarded outside Germany in the context of website use. Further information can be obtained from our data protection officer.

Your rights

As the data subject, you have the following rights vis-à-vis us:

Information

You can request information about your data stored by us at any time by contacting Westernacher Solutions GmbH or the data protection officer using the contact details given above.

Correction, restriction and deletion

You also have the right to demand the correction of incorrect data or, if the legal requirements are met, the correction, restriction or deletion of your data.

Contradiction

If services are used on this website on the basis of our legitimate interest, you can object to their use. If we use such services, we will refer to such a right in the description of the service and also explain how you can exercise it.

Data portability

Upon request, we will send you your data stored by us in a structured, commonly used and machine-readable format that you can use for further processing.

If you have any queries in this regard, please send them to the address stated in the legal notice with the addition “Data protection” or to the e-mail address westernacher@krisp.services. Any transmission requires your unambiguous authentication as the data subject or can only be made to an address already stored in your data.

Right of appeal

You also have the right to lodge a complaint with a data protection supervisory authority at any time.

If you have any questions or complaints about data protection, you can also contact our data protection officer at any time using the contact details given above.

Tools and services

Functionality and types of cookies

Cookies are small text files that are stored on your computer by your browser. They contain various data, e.g. duration of the website visit or user input. They may originate both from us as the website provider (so-called first-party cookies) and, in the case of cooperation with third parties, also from them (so-called third-party cookies) and may be stored for different lengths of time (duration of site use, several weeks to years).

You can set your browser so that you are notified as soon as cookies are sent. You can also delete the cookies on your computer’s hard disk yourself at any time. You can prevent the storage of cookies in your browser by restricting or deactivating the storage and reading of cookies via the menu bar “Tools > Internet options > Privacy” (Internet Explorer) or “Settings > Privacy” (Firefox). In this case, however, the full functionality of the website will no longer be available to you.

First-party cookies

We do not use first-party cookies.

Third-party cookies

If third-party cookies are used, these are described in more detail in the services.

Third-party services

Vimeo

Vimeo is used in the form of videos on the website, in which users are supported with information about the beA.

Vimeo (Vimeo, Inc., 555 West 18th Street, New York, New York 10011, USA, legal@vimeo.com) is a video portal that offers both free use of the portal and the option of publishing content for a fee. Among other things, the portal also enables the creation of personal streams in which videos from other user profiles can be collected and rated with comments. Compared to other providers, Vimeo emphasizes high-quality content, e.g. in the areas of interesting documentaries on a wide range of topics and short films.

With the help of a plug-in, we can display interesting video material directly on our website using Vimeo. Certain data will be transferred from you to Vimeo. When you visit another website on our website that has embedded a Vimeo video, your browser connects to the Vimeo servers. The data transmitted is stored on these servers. The following data is processed: IP address, technical information about the browser type, the operating system and basic device information. In addition, Vimeo stores information about which website you use the Vimeo service from and which web activities you carry out on our website (e.g. session duration).

If you are logged in to Vimeo as a registered member, more data will generally be collected, as more cookies may already be set in your browser. In addition, your activities on our website are linked directly to your Vimeo account. To prevent this, you must log out of Vimeo before visiting our website.

The admissibility under data protection law with regard to the international transfer therefore only arises here through your consent to the use of the service, Art. 49 para. 1 lit. a GDPR. You also have the option of managing cookies in your browser according to your wishes. For example, if you do not want Vimeo to set cookies and thus collect information about you, you can delete or deactivate cookies in your browser settings at any time. If you are a registered Vimeo member, you can also manage the cookies used in the Vimeo settings.

The legal basis for data processing is your consent, Art. 6 para. 1 lit. a GDPR. You can find out more about data protection at https://vimeo.com/privacy and the use of cookies at https://vimeo.com/cookie_policy.

TeamViewer

If you wish, we can use the TeamViewer GmbH software (TeamViewer Core) for remote support.

TeamViewer can be used by the support employee to assist in solving a support request. TeamViewer is software that can be used to share your current screen view with the support employee. In many cases, this enables a quicker solution to the existing problem. Access to your computer is restricted exclusively to the time of the support call. You can terminate access at any time. You must close the program manually, as otherwise the support provider can still establish a connection to your computer. The support staff point this out each time TeamViewer is used and explicitly request that it be terminated after the support call.

To use this service, we offer you to download the TeamViewer software from our website in the “Remote maintenance” section. The connection runs via TeamViewer GmbH servers.

By using remote support via TeamViewer, you consent to the processing of any personal data in connection with this. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. a GDPR.

We have concluded a corresponding contract for order processing with TeamViewer GmbH.

TeamViewer is used in accordance with the TeamViewer privacy policy. Further information on this can be obtained from TeamViewer GmbH, Jahnstraße 30, 73037 Göppingen; you can find out more about data protection here: https://www.teamviewer.com/de/privacy-policy/; you can view the security information here: https://www.teamviewer.com/de/security/

Matomo/Piwik

If you give us your consent to do so, we use the open source software tool Matomo (formerly PIWIK) on the beA Service Desk website to anonymously analyze the surfing behavior of our users.

Matomo stores a small text file, a so-called cookie, on your end device or in your browser. This cookie uses the IP address of your end device, shortened to the first six digits, to record how our website is used via your device (more precisely: via a device with the corresponding six initial digits in the IP address) and sends us this information. It is not possible for us to identify your device or even your person due to the shortening of your IP address. You remain anonymous. We then compile anonymous visitor statistics that provide WesRoc with information about which topics are searched for or clicked on frequently and which topics are less frequently, or when visits are more or less frequent, which pages our visitors use to reach us and which links on our pages are clicked on and how often. This enables us to optimize the content and structure of our website so that our visitors can find the information they are looking for quickly.

If you consent to web analysis using Matomo, the following data will be collected when individual pages of our website are accessed: 1 byte or the first six digits of the IP address of the user’s accessing system, the accessed website, the website from which the user accessed the accessed website (referrer), the subpages accessed from the accessed website, the time spent on the website, the frequency with which the website is accessed, the type of end device used (desktop, tablet, cell phone), the operating system, browser, browser plug-ins and screen resolutions as well as the exit page (last page viewed).

Cookies are stored on the user’s computer and transmitted to us by the user. As a user, you therefore also have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be automated.

If cookies are not automatically deleted after a few minutes, they will be deleted after 13 months at the latest.

You can revoke your consent at any time with effect for the future under the data protection settings at https://portal.beasupport.de/datenschutz. This does not result in any disadvantages for you.

The legal basis for the use of the Matomo analysis cookie and the user analysis is § 25 para. 1 sentence 1 TTDSG and Art. 6 para. 1 lit. a GDPR.

Matomo is used in accordance with the Matomo privacy policy. Further information on this can be obtained from Matomo / InnoCraft, 150 Willis St, 6011 Welling-ton, New Zealand. Data protection information: https://matomo.org/faq/general/configure-privacy-settings-in-matomo/

Newsletter

By clicking on the “To beA Newsletter” button, you leave the beA Service Desk page and can subscribe to the newsletter on the BRAK website.

Supplementary notes

Changes to security and data protection measures will result in an adjustment to this data protection notice. Please refer to the latest version on our website.