WEdirekt Shop Data Protection Information
In the following, we inform you on the collection of personal data when ordering products from our WEdirekt Webshop. We explain what personal data we collect in the course of your usage of our webshop, how and for what purposes we collect, process and use that data, and what rights you have. The protection of your data is important to us.
Personal data is any data that can be used to identify you personally, such as your name, your postal address or your email address, as well as technical data that can be traced back to you, such as the IP address assigned to you.
1. Identity of data controller under data protection law
Under data protection law, the data controller responsible for collecting and processing your personal data when you visit and use the WEdirekt Webshop is:
Würth Elektronik GmbH & Co. KG.
Tel.: +49 7940 9460
2. Contact details of Data Protection Officer
If you have any questions, concerns or ideas about data protection with regard to the WEdirekt Webshop, you can contact our Data Protection Officer at any time:
Würth Elektronik GmbH & Co. KG
Data Protection Officer
Tel.: +49 7940 9460
You can also contact our Data Protection Officer to assert your rights as the data subject. More detailed information on this point can be found in Section 7.
3. The collection and processing of the personal data you provide in the course of placing orders – Purposes and legal bases
a. Order processing
- We collect, store and, if necessary, pass on your name, email address, postal address, payment data and products ordered (mandatory information) provided that this is necessary for performing the contractual services. The collection, storage and forwarding of the data is thus carried out for the purpose of performance of the contract and on the basis of Art. 6 para. 1 sentence 1 lit. b) of the General Data Protection Regulation (GDPR). The personal data marked as mandatory information is necessary for the purpose of fulfilling your order. Failure to provide this data may make it impossible to conclude the contract.
- If you are a student, school pupil, teacher, university professor or lecturer, we process your verification document (e.g. student enrolment certificate) to check whether you are authorised to receive the discounts that apply to this group of persons. The collection, storage and forwarding of data is thus carried out for the purpose of performance of the contract and on the basis of Art. 6 para. 1 sentence 1 lit. b) GDPR. Failure to provide this data will make it impossible to conclude the contract under the special terms and conditions that apply to this group of persons.
- The possible provision of further personal data is voluntary and we use the said data, in particular, for the purpose of addressing you in a more personal and/or individual way or enhancing our services for you – for instance, through the possibility of submitting queries – unless this conflicts with your basic rights, basic freedoms or interests. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR, which permits personal data to be processed within the scope of a “legitimate interest” of the data controller.
b. Customer account
- During the ordering process, a customer account is set up for you through which we store further personal data (e.g. your password or your language) as well as your order data for later purchases. This storage of data serves to make the use of our Webshop easier and as pleasant as possible for you, as well as to improve our service. The legal basis for this is Article 6 para. 1 sentence 1 lit. f) GDPR, which permits personal data to be processed within the scope of the “legitimate interest” of the data controller, unless it is outweighed by your own basic rights, basic freedoms or interests. Failure to provide this data will make it impossible to conclude the contract.
c. Payment transactions
- Depending on the payment method you choose, your payment data is forwarded to the relevant payment service provider. The data is forwarded for the purpose of performance of the contract and on the basis of Art. 6 Abs. 1 sentence 1 lit. b) GDPR. The payment service provider is responsible for the payment data.
d. Advertising / Marketing
- Besides using your email address for the purpose of contract execution, we also use it to inform you about similar products by email. You can at any time object to the use of your email address for this purpose (firstname.lastname@example.org), without thereby incurring any costs other than the costs of transmission/communication in accordance with the basic rates (Section 7 para. 3 of the German Unfair Competition Act (UWG)). The legal basis for processing your personal data is Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in carrying out direct advertising.
- We use your name and your address to inform you about our current product range and offers by post. The legal basis for processing your personal data is Art. 6 para. 1 sentence 1 lit. f) GDPR. We have a legitimate interest in carrying out direct advertising. You can at any time object to the use of your data for postal mailings.
e. Debt default
- In the event that a payment is not received on time at the Wirtschaftsauskunftei Compagnie Française d'Assurance pour le Commerce Extérieur SA, 1, place Costes et Bellonte, CS 20003, 92276 Bois-Colombes (Paris), France (“COFACE”), then – within the limits of what is legally permitted – we will, if necessary, forward data on your debt-related behaviour, in accordance with the valid legal provisions. This takes place provided that it is necessary to protect our legitimate interests and the legitimate interests of third parties, and that there is no reason to assume that your interests or basic rights and basic freedoms, which require the protection of personal data, outweigh the said interests. The collection, storage and forwarding of data is thus carried out on the basis of Art. 6 para. 1 sentence 1 lit. F) GDPR, which permits personal data to be processed within the scope of the “legitimate interest” of the data controller, unless it is outweighed by your own basic rights, basic freedoms or interests.
f. Live Support
When you submit a chat request to us, in addition to the data mentioned in section 3.a., we also process and store the URL from which you accessed Live Support, the subject of your request, a transcript of the conversation with you, the date and duration of the chat, the processing status of your chat request and the number of your page views and visits. You also have the option to provide us with your name, location and email address as well as other personal data. We store this data and keep it for six months. We process this data in order to be able to address you personally in the course of the chat and to improve our service quality. After completing the chat request, you have the opportunity to rate and comment on the quality of service. We also store this voluntary information.
The legal basis for the processing of this data is Art. 6 para. 1 p. 1 lit. f) GDPR; Section 25 para. 2 no. 2 TTDSG, which permits the processing of personal data within the scope of our legitimate interests, unless your fundamental rights, freedoms or interests prevail. Our legitimate interests are to provide you with a live chat and thereby to answer your enquiry in a targeted manner. In addition, we store the data mentioned in section 3.a. in connection with a specific chat request to ensure IT security and to combat attacks.
If you wish to use Live Support outside business hours, you will be automatically redirected to a form where you can inform us of your concern. Our Live Support staff will contact you as soon as possible. For the processing of your personal data within the framework of this contact form, the information in section 4.a. of our General Data Protection Information applies accordingly.
We forward your personal data to the following categories of external recipients:
- When we deliver you products, we forward your name and your delivery address to the shipping company that we have commissioned.
- We forward your name and your address to COFACE (see Pt. III.5. above).
- If necessary, we forward your personal data to further external technical and other service providers who support us in performing our services and whom we select with meticulous care. If necessary, the service providers whom we commission process your personal data within the scope of their specific contract, in accordance with our instructions, for the purposes specified in this Data Protection Information. The said service providers (“processors” as defined in Art. 28 GDPR) are contractually obliged to adhere to this Data Protection Information, to the valid legal data protection provisions and to our instructions. The same applies to any subcontractors, insofar as our data processors employ any such service providers with our prior approval.
At all events, we only forward to third parties the data that they need to carry out their functions.
5. Data security
The personal data that we collect and store is treated confidentially and protected from loss and alteration, as well as from unauthorised access by third parties, by means of appropriate technical and organisational precautions.
We use secure server technology to ensure that your personal data is protected in accordance with current standards.
We use encryption to protect your credit card data and we accept orders only from web browsers that allow communication via Secure Socket Layer (SSL) technology: this means that you cannot inadvertently place an order via a non-secure connection. Most web browsers more recent than Version 3 support these security standards.
Thanks to this encryption, it is practically impossible for unauthorised parties to read any information that you send us.
6. Duration of storage
We store your personal data collected in the course of placing an order as long as it is necessary for processing orders and, at all events, for as long as your customer account exists.
Moreover, it may be necessary to store personal data for accounting or other legal reasons for the duration of the respective legally stipulated storage periods.
7. Your rights
Provided the legal preconditions as defined in Art. 15 et seq. GDPR are given, you have the following rights regarding your personal data stored by us (“rights of the data subject”):
- You can at any time request information from us as to whether or not we have stored personal data concerning you, and if so, as to which categories of personal data, for what purposes this data is processed and which recipients or categories of recipients receive it. You can furthermore request access to the further information on your personal data specified in Art. 15 GDPR (right of access).
- In accordance with the legal preconditions, you also have a right to rectification (Art. 16 GDPR), a right to erasure (Art. 17 GDPR) and a right to restriction of processing (data blocking) (Art. 18 GDPR) of your personal data.
- Moreover, in accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format from us; you can also forward this personal data, or arrange for it to be forwarded, to other data controllers (right to data portability).
- You also have the right to, at any time, revoke consents that you have already given.
- You furthermore have the right to object to data processing which, in accordance with Art. 6 para. 1 lit. f) GDPR, is based on the legitimate interests of the data controller or of a third party, provided that the legal preconditions for data processing, as defined in Art. 21 GDPR, are given.
In order to assert your rights as the data subject, you can at any time contact us at email@example.com or send a message to the address specified under Pt. 1 above.
Moreover, if you believe that the processing of personal data concerning you breaches the GDPR, you have the right, pursuant to Art. 77 para. 1 GDPR, to file a complaint with a supervisory authority, particularly in the member state where your place of residence or workplace is located, or where the alleged breach took place.