Data protection

Provider / Controller

DWH Deutsche Wasser Holding GmbH
Bahnhofstraße 24
D – 54687 Arzfeld

Data Protection Officer

You can contact our Data Protection Officer at the following email address:
datenschutz@zahnen-technik.de

Responsible Supervisory Authority

The State Commissioner for Data Protection and Freedom of Information Rhineland-Palatinate
Postfach 3040
55020 Mainz
Germany

Phone: +49 6131 / 8920 – 0
Fax: +49 6131 / 8920 – 299
Email: poststelle@datenschutz.rlp.de

Scope of this Privacy Policy

This privacy policy applies to the website www.deutsche-wasser-holding.de and the content provided there. Different terms and conditions may apply to content from other providers that is referenced through links. Where links to external websites are provided, we have neither influence nor control over the linked content or their respective privacy policies.

Redirects to Other Providers

Where our website links to content from other providers, this will be clearly recognizable. We either explicitly identify these providers or indicate them through hyperlinks. The use of such offers may be subject to conditions different from those described in this privacy policy.

Art. 4 No. 1 GDPR – “Personal Data”

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to identifiers such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Art. 4 No. 2 GDPR – “Processing”

“Processing” means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

Art. 4 No. 7 GDPR – “Controller”

“Controller” means the natural or legal person, public authority, agency, or other body which alone or jointly with others determines the purposes and means of the processing of personal data.

Art. 4 No. 8 GDPR – “Processor”

“Processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Art. 4 No. 9 GDPR – “Recipient”

“Recipient” means a natural or legal person, public authority, agency, or another body to which personal data are disclosed, whether a third party or not.

Art. 4 No. 10 GDPR – “Third Party”

“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons authorized to process personal data under the direct authority of the controller or processor.

Principles of Processing

Art. 5(1) (a) GDPR

Personal data must be processed lawfully, fairly, and transparently.

Art. 5(1) (f) GDPR

Personal data must be processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Art. 29 GDPR

Processors and persons acting under the authority of the controller or processor who have access to personal data may process such data only on instructions from the controller unless required to do otherwise by Union or Member State law.

Art. 32(2) GDPR

When assessing the appropriate level of security, account shall be taken in particular of the risks associated with processing, especially accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

Art. 33(1) GDPR

In the event of a personal data breach, the controller shall notify the competent supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.

Purpose of Processing

The collected data are primarily processed to ensure that the website functions properly and can be displayed correctly.

The web server hosting our website requires this information in order to determine which pages and sections you access and request from the server. The legal basis for processing is our legitimate interest in enabling you to access and use our website (Art. 6(1)(f) GDPR) and our interest in ensuring proper delivery of the website.

This information is also stored in log files. These serve to analyze technical issues and implement security measures in the event of attacks, for example by blocking IP addresses and access attempts. This processing is likewise based on our legitimate interest (Art. 6(1)(f) GDPR). This processing activity enables us to establish appropriate technical and organizational measures for the protection of information, which we are also obliged to implement under Art. 32(1) GDPR.

Data Collected During Website Visits

Server Log Files

When accessing our website, the following information is recorded:

IP address of the computer/internet connection from which the request was sent
Website from which the user accessed our page (“referrer”)
Browser information (browser type, operating system, language settings, etc.)
Information about the server service used
Protocol version
Name of the accessed file or page (URL)
Date and time of access
Amount of data transferred
Status messages (e.g., error messages)
Session ID with timestamp

Cookies

Cookies are used to ensure proper display of the website, recognize returning visitors, and store certain settings of your device.

Cookies are small text files stored on your computer. During future visits, they allow our website to remember you and your preferences and display content or suggestions based on previous visits.

Telephone and Email

Various contact details are provided on our website. If you send us an email or contact us by telephone or WhatsApp, you are actively initiating communication.

We therefore assume that you have a legitimate interest in our company, our work, or our products and are contacting us on this basis (Art. 6(1)(f) GDPR – balancing of interests).

Please note that by contacting us through these channels, you leave the scope of this privacy policy because you are no longer interacting with us through our website but via other communication methods.

Disclosure of Data

We do not operate our website on our own servers. Instead, we use specialized service providers. Consequently, the data described above are not stored directly by us but by our data processor with whom we have concluded a corresponding data processing agreement.

For hosting services, we use IONOS (www.ionos.de), whose data centers are located within the EU/EEA.

General privacy information from IONOS can be found here:
https://www.ionos.de/terms-gtc/terms-privacy/

Obligation to Provide Data

There is no contractual or legal obligation to provide data. However, without the provision of data, our website may not function properly.

Third-Country Transfers and Safeguarding of Data Protection Levels

No intended transfer of data to third countries takes place.

Source of Collected Data

Your data are collected when you visit our website.

Automated Decision-Making

Your personal data stored by us are not subject to automated decision-making, including profiling, that produces legal effects.

Trackers, Social Media, and Other Services

Our website uses various plug-ins, social media integrations, and web analysis services (“trackers”). These technologies are used primarily on the basis of our legitimate interest (Art. 6(1)(f) GDPR) to improve website performance and presentation, evaluate visitor data for marketing and security purposes, and further develop our company, services, and products.

Google reCAPTCHA

Description of Processing and Purpose

This website uses Google reCAPTCHA to protect certain components of our website and prevent misuse of our online services. This is a tracking mechanism that uses algorithms to determine whether a visitor is a human or a bot based on usage behavior.

To perform this evaluation, personal data are transmitted to Google servers, where they are analyzed and scored. If the resulting score exceeds the threshold required to protect our website, additional questions may be displayed before certain functions can be used (e.g., contact forms).

The use of Google reCAPTCHA is based on our legitimate interest (Art. 6(1)(f) GDPR) in protecting our website against technical misuse such as spam bots.

Categories of Personal Data Processed

User behavior (click history, dwell time, pages visited)
IP address and approximate location
Technical device information (browser, operating system, language, screen resolution, etc.)
Referrer URL
Internet service provider information
Achievement of website objectives

Recipients of Data

Further Google services integrated into our website.

Third-Country Transfers

Data may be transferred outside the EU to Google.
The responsible provider within the EU is:
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, Ireland

Google is certified under the Data Privacy Framework (DPF).

Storage Duration

As the data processing is outside our control, we cannot provide information about storage duration.

Obligation to Provide Data

There is no contractual obligation to provide data. However, some functions of the website may be restricted if data are not provided.

Source of Data

Data are collected and transmitted when you visit our website.

Automated Decision-Making

No automated decision-making with legal effects is carried out by us. Data processed by Google may, however, be used by Google for profiling purposes.

Google Tag Manager

Description of Processing and Purpose

This website uses Google Tag Manager. This service enables website tags to be managed and forwarded to other services. The tool itself does not store any data but forwards statistical information (IP address, referrer, dwell time, visited pages, etc.) to additional web analysis tools integrated into our website.

The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in transferring statistical visitor data to relevant analytics tools.

Categories of Personal Data Processed

User behavior
IP address and approximate location
Technical device information
Referrer URL
Internet service provider information
Website objectives achieved

Recipients of Data

Additional Google services integrated into our website.

Third-Country Transfers

Data may be transferred outside the EU to Google.
Google Ireland Limited acts as the responsible provider in the EU.

A data processing agreement pursuant to Art. 28 GDPR has been concluded.

Storage Duration

The tool itself stores no data.

Obligation to Provide Data

No legal obligation exists. If data are not provided, downstream tracking tools may not function correctly.

Source of Data

Data are collected when visiting our website.

Automated Decision-Making

No automated decision-making with legal effects is carried out by us.

Google Analytics

Description of Processing and Purpose

Provided you have given your consent, this website uses Google Analytics, a web analytics service provided by Google LLC. Google Analytics uses cookies to analyze your use of our website. Information generated by cookies is generally transmitted to Google servers in the USA and stored there.

Google processes this information on behalf of the website operator to evaluate website usage and compile reports on website activities. These reports help analyze website performance and the success of marketing campaigns.

The legal basis is your consent (Art. 6(1)(a) GDPR). You may revoke your consent at any time via the cookie settings:
https://deutsche-wasser-holding.de/cookie-richtlinie/

Further information:
https://marketingplatform.google.com/about/analytics/terms/de/
https://policies.google.com/?hl=de

Recipients of Data

Google Ireland Limited, Dublin, Ireland, acting as processor.

Third-Country Transfers

Data transfer to the USA cannot be excluded. Google is certified under the Data Privacy Framework.

Storage Duration

Data linked to cookies are automatically deleted after 14 months.

Preventing Data Collection

You can prevent Google Analytics data collection by:

refusing cookies, or
installing the browser add-on:
https://tools.google.com/dlpage/gaoptout?hl=de

Obligation to Provide Data

No legal obligation exists. If consent is not granted, some website functions may be limited.

Automated Decision-Making

No automated decision-making with legal effects is carried out by us.

DoubleClick

Description of Processing and Purpose

Our website uses the Google DoubleClick marketing plug-in. This enables us to display advertisements and campaigns, partly personalized according to browsing behavior.

The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in providing personalized content and optimizing marketing activities.

More information:
https://adssettings.google.de
https://policies.google.com/privacy

Categories of Personal Data Processed

Cookies
IP address
Referrer URL
Browser and operating system data
Geo-location information

Recipients of Data

Google Ireland Limited and potentially Google LLC in the USA.

Third-Country Transfers

Data transfer to the USA cannot be excluded. Google is certified under the Data Privacy Framework.

Storage Duration

We cannot provide information about storage duration, as processing is controlled by Google.

Automated Decision-Making

No automated decision-making with legal effects is carried out by us.

Real Cookie Banner

We use the consent management tool “Real Cookie Banner” to manage cookies and related technologies.

Further information:
https://devowl.io/de/rcb/datenverarbeitung/

The legal basis is Art. 6(1)(c) and Art. 6(1)(f) GDPR.

Providing personal data is neither contractually required nor necessary for concluding a contract. However, without this data we cannot manage your consent preferences.

Google Web Fonts

Description of Processing and Purpose

Our website uses Google Web Fonts to ensure consistent display across all devices. The fonts are integrated locally via our web server, meaning no data are transferred to Google servers.

The legal basis is our legitimate interest (Art. 6(1)(f) GDPR) in ensuring proper website functionality and display.

Categories of Personal Data Processed

IP address
Date
Browser and operating system information

Recipients of Data

No disclosure takes place.

Third-Country Transfers

No data transfer to the USA takes place.

Storage Duration

No separate storage occurs beyond standard website visit logs.

Automated Decision-Making

No automated decision-making takes place.

Google Maps

Description of Processing and Purpose

Our website uses Google Maps to display locations and geographical information.

This service is used on the basis of our legitimate interest (Art. 6(1)(f) GDPR) to help users locate our company and plan routes.

Google Maps content is only loaded with your consent (Art. 6(1)(a) GDPR).

Categories of Personal Data Processed

IP address
Browser and operating system data
Referrer URL
Google account information (if logged in)

Recipients of Data

Google Ireland Limited and potentially Google LLC in the USA.

Third-Country Transfers

Data transfer to the USA cannot be excluded. Google is certified under the Data Privacy Framework.

Automated Decision-Making

No automated decision-making takes place.

YouTube

Description of Processing and Purpose

Our website uses YouTube services provided by Google to embed videos and multimedia content.

This serves our legitimate interest (Art. 6(1)(f) GDPR) in presenting our company, services, and products in an appealing and informative manner.

Embedded YouTube content is loaded only with your consent (Art. 6(1)(a) GDPR).

Categories of Personal Data Processed

IP address
Browser and operating system data
Referrer URL
Google account information (if logged in)

Recipients of Data

Google Ireland Limited and potentially Google LLC in the USA.

Third-Country Transfers

Data transfer to the USA cannot be excluded. Google is certified under the Data Privacy Framework.

Automated Decision-Making

No automated decision-making takes place.

Your Rights as a Data Subject

Right of Access (Art. 15 GDPR)

You have the right to obtain information about the scope and purpose of the processing of your personal data.

Right to Rectification (Art. 16 GDPR)

You have the right to request correction of inaccurate personal data.

Right to Erasure (Art. 17 GDPR)

You may request deletion of your data unless legal obligations prevent us from doing so.

Right to Restriction of Processing (Art. 18 GDPR)

You may request restriction of processing instead of deletion under certain circumstances.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw that consent at any time with future effect.

Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority. Contact details can be found above.

DWH Deutsche Wasser Holding GmbH
Bahnhofstraße 24
54687 Arzfeld
Germany

Imprint | Data Protection