WEdirekt Shop Data Protection Information
In the following, we inform you on the collection of personal data when ordering products from our WEdirekt Webshop. We explain what personal data we collect in the course of your usage of our webshop, how and for what purposes we collect, process and use that data, and what rights you have. The protection of your data is important to us.
Personal data is any data that can be used to identify you personally, such as your name, your postal address or your email address, as well as technical data that can be traced back to you, such as the IP address assigned to you.
1. Identity of data controller under data protection law
Under data protection law, the data controller responsible for collecting and processing your personal data when you visit and use the WEdirekt Webshop is:
Würth Elektronik GmbH & Co. KG.
Tel.: +49 7940 9460
2. Contact details of Data Protection Officer
If you have any questions, concerns or ideas about data protection with regard to the WEdirekt Webshop, you can contact our Data Protection Officer at any time:
Würth Elektronik GmbH & Co. KG
Data Protection Officer
Tel.: +49 7940 9460
You can also contact our Data Protection Officer to assert your rights as the data subject. More detailed information on this point can be found in Section 7.
3. The collection and processing of the personal data you provide in the course of placing orders – Purposes and legal bases
a. Order processing
- We collect, store and, if necessary, pass on your name, email address, postal address, payment data and products ordered (mandatory information) provided that this is necessary for performing the contractual services. The collection, storage and forwarding of the data is thus carried out for the purpose of performance of the contract and on the basis of Art. 6 para. 1 sentence 1 lit. b) of the General Data Protection Regulation (GDPR). The personal data marked as mandatory information is necessary for the purpose of fulfilling your order. Failure to provide this data may make it impossible to conclude the contract.
- If you are a student, school pupil, teacher, university professor or lecturer, we process your verification document (e.g. student enrolment certificate) to check whether you are authorised to receive the discounts that apply to this group of persons. The collection, storage and forwarding of data is thus carried out for the purpose of performance of the contract and on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. Failure to provide this data will make it impossible to conclude the contract under the special terms and conditions that apply to this group of persons.
- The possible provision of further personal data is voluntary and we use the said data, in particular, for the purpose of addressing you in a more personal and/or individual way or enhancing our services for you – for instance, through the possibility of submitting queries – unless this conflicts with your basic rights, basic freedoms or interests. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR, which permits personal data to be processed within the scope of a “legitimate interest” of the data controller.
b. Customer account / Bonus points
- During the ordering process, a customer account is set up for you through which we store further personal data (e.g. your password or your language) as well as your order data for later purchases. This storage of data serves to make the use of our Webshop easier and as pleasant as possible for you, as well as to improve our service. The legal basis for this is Article 6 para. 1 sentence 1 lit. f) GDPR, which permits personal data to be processed within the scope of the “legitimate interest” of the data controller, unless it is outweighed by your own basic rights, basic freedoms or interests. Failure to provide this data will make it impossible to conclude the contract.
- For every order, you automatically collect bonus points – which are likewise automatically stored in your customer account. In this case, we save your bonus points, as well as your redeemed bonuses, in your customer account. This storage of data serves to make the use of our Webshop easier and as pleasant as possible for you, as well as to improve our service. The legal basis for this is Article 6 para. 1 sentence 1 lit. f) GDPR, which permits personal data to be processed within the scope of the “legitimate interest” of the data controller, unless it is outweighed by your own basic rights, basic freedoms or interests.
c. Payment transactions
- Depending on the payment method you choose, your payment data is forwarded to the relevant payment service provider. The data is forwarded for the purpose of performance of the contract and on the basis of Art. 6 Abs. 1 sentence 1 lit. b) GDPR. The payment service provider is responsible for the payment data.
d. Advertising / Marketing
- Besides using your email address for the purpose of contract execution, we also use it to inform you about similar products by email. You can at any time object to the use of your email address for this purpose (email@example.com), without thereby incurring any costs other than the costs of transmission/communication in accordance with the basic rates (Section 7 para. 3 of the German Unfair Competition Act (UWG)). The legal basis for processing your personal data is Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in carrying out direct advertising.
- We use your name and your address to inform you about our current product range and offers by post. The legal basis for processing your personal data is Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in carrying out direct advertising. You can at any time object to the use of your data for postal mailings.
e. Debt default
- In the event that a payment is not received on time at the Wirtschaftsauskunftei Compagnie Française d'Assurance pour le Commerce Extérieur SA, 1, place Costes et Bellonte, CS 20003, 92276 Bois-Colombes (Paris), France (“COFACE”), then – within the limits of what is legally permitted – we will, if necessary, forward data on your debt-related behaviour, in accordance with the valid legal provisions. This takes place provided that it is necessary to protect our legitimate interests and the legitimate interests of third parties, and that there is no reason to assume that your interests or basic rights and basic freedoms, which require the protection of personal data, outweigh the said interests. The collection, storage and forwarding of data is thus carried out on the basis of Art. 6 para. 1 sentence 1 lit. F) GDPR, which permits personal data to be processed within the scope of the “legitimate interest” of the data controller, unless it is outweighed by your own basic rights, basic freedoms or interests.
We forward your personal data to the following categories of external recipients:
At all events, we only forward to third parties the data that they need to carry out their functions.
5. Data security
The personal data that we collect and store is treated confidentially and protected from loss and alteration, as well as from unauthorised access by third parties, by means of appropriate technical and organisational precautions.
We use secure server technology to ensure that your personal data is protected in accordance with current standards.
We use encryption to protect your credit card data and we accept orders only from web browsers that allow communication via Secure Socket Layer (SSL) technology: this means that you cannot inadvertently place an order via a non-secure connection. Most web browsers more recent than Version 3 support these security standards.
Thanks to this encryption, it is practically impossible for unauthorised parties to read any information that you send us.
6. Duration of storage
We store your personal data collected in the course of placing an order as long as it is necessary for processing orders and, at all events, for as long as your customer account exists.
Moreover, it may be necessary to store personal data for accounting or other legal reasons for the duration of the respective legally stipulated storage periods.
7. Your rights
Provided the legal preconditions as defined in Art. 15 et seq. GDPR are given, you have the following rights regarding your personal data stored by us (“rights of the data subject”):
- You can at any time request information from us as to whether or not we have stored personal data concerning you, and if so, as to which categories of personal data, for what purposes this data is processed and which recipients or categories of recipients receive it. You can furthermore request access to the further information on your personal data specified in Art. 15 GDPR (right of access).
- In accordance with the legal preconditions, you also have a right to rectification (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restriction of processing (data blocking) (Art. 18 GDPR) of your personal data.
- Moreover, in accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format from us; you can also forward this personal data, or arrange for it to be forwarded, to other data controllers (right to data portability).
- You also have the right to, at any time, revoke consents that you have already given.
- You furthermore have the right to object to data processing which, in accordance with Art. 6 para. 1 lit. f) GDPR, is based on the legitimate interests of the data controller or of a third party, provided that the legal preconditions for data processing, as defined in Art. 21 GDPR, are given.
In order to assert your rights as the data subject, you can at any time contact us at firstname.lastname@example.org or send a message to the address specified under Pt. 1 above.
Moreover, if you believe that the processing of personal data concerning you breaches the GDPR, you have the right, pursuant to Art. 77 para. 1 GDPR, to file a complaint with a supervisory authority, particularly in the member state where your place of residence or workplace is located, or where the alleged breach took place.