We hereby inform you about the processing of your personal data by WEWO Schrauben- Befestigungsteile GmbH and the claims and rights to which you are entitled under the data protection regulations.

Responsibility and contact for processing

Responsible body:

WEWO Screws- Fastening Parts GmbH
An der Oelmühle 13

T: +49 (0)2834 9132 0
F: +49 (0) 2834 9132 70
E: info@wewo.de

Contact the Data Protection Officer:

dbc experts
External Data Protection Officer
Robin Parker
E: datenschutz@wewo.de

Data origin & sources

We process personal data that we receive from you in the course of our business relationship or business initiation or we collect on your behalf from the end customer.

Insofar as this is necessary for the provision of our services or the fulfilment of contracts, we may process data permissibly received from third parties (e.g. Creditreform).

In addition, we process personal data that we have permissibly obtained from publicly accessible sources (e.g. debtors' registers, land registers, commercial and association registers, press and other media).

Relevant personal data may include in particular:

  • Master data (personal data)
    (name etc.)
  • Contact details
    (address, telephone numbers, e-mail addresses, etc.)
  • Billing-relevant bank data
    (IBAN, BIC, credit card etc.)
  • Necessary data relevant to the contract (usage, consumption, turnover, etc.)
  • Data about your use of digital media
    (e.g. time of calling up a website, session information [cookies] etc.)

Lawfulness of the processing

We process personal data on the basis regulated in the German Data Protection Regulation (DS-GVO) and the German Federal Data Protection Act (BDSG).

  • For the fulfilment of contractual obligations or for the implementation of pre-contractual measures
    (Art. 6 para. 1 lit. b) DS-GVO):

    1. Contact form - collection of contact data
    2. Request for quotation - collection of contact, company master, economic and financial data
    3. Order acceptance and ordering - collection of address, master and contact data for delivery receipt and invoice receipt, if necessary billing via direct debit
    4. Processing of application and employee data within the framework of the employment relationship
  • Within the framework of a balancing of interests
    (Art. 6. 1 lit. f) DS-GVO):

    1. Analysis for marketing evaluation,
      Order processing: Google Inc. Ireland
  • Due to legal requirements
    (Art. 6. para. 1 lit. c) DS-GVO):

    1. Financial and tax authorities, principles of proper accounting
  • Based on your consent
    (Art. 6 para. 1 lit. a) DS-GVO)

    1. Advertising measures (B2B) - Newsletter consent

Recipient of the data

Within our company/group of companies, your data will be passed on to those departments that need it to fulfil their contractual and/or legal obligations.
Your data will only be passed on or transferred to other external bodies if

  • for contract processing, especially shipping on behalf of third parties (transmission of recipient data of the end customer to partners of WEWO GmbH [e.g. purchasing associations])
  • on the basis of legal obligations (e.g. disclosure to tax authorities)
  • to process the data as a service provided by external parties on behalf (postal services, archiving/document management, IT services (incl. security), waste/media/document disposal, marketing, or billing services).
  • for clarification of facts by experts (e.g. lawyers, surveyors) or support of authorities in the sense of criminal prosecution
  • on the basis of your direct consent to the transfer to third parties which we have received from you.

In the event that your data is processed on behalf of external third parties, your data is subject to guaranteed security standards there (order processing agreement). Your commissioning may result in processing in the sense of a transfer.

Time limits for storing, deleting and blocking your data

If necessary, we process and store your personal data for the duration of our business relationship, which also includes the initiation and processing of a business transaction.

In addition, we are subject to various storage and documentation obligations, which result, among other things, from the

  • German Commercial Code (HGB),
  • of the German Fiscal Code (AO),
  • the German Banking Act (KWG),
  • the Money Laundering Act (AMLA)
  • the German Civil Code (BGB)


The periods specified there for storage or documentation are two to ten years - in the sense of the BGB three to 30 years.

Blocking of your data for inspection by our regular employees or deletion of the data records is carried out according to the principle of a balancing of interests after termination of the business relationship or expiry of the retention periods.

Transfer to third country

A transfer of your data to third countries (outside the EU or the EEA) will only take place and under the assurance of suitable guarantees, insofar as this is

  • for the execution of your orders or fulfilment of the (pre-)contractual measures
  • prescribed by law
  • legitimised by your consent

or the interest of the company in the processing outweighs the need to protect your data (Art. 6 para. 1 f) DS-GVO).

Your rights

You have a right under the GDPR to:

  • Information (Art. 15 DS-GVO)
  • Correction (Art. 16 DS-GVO), should your personal data be incorrect
  • Deletion (Art. 17 DS-GVO), provided that, among other things, no statutory retention periods conflict with this
  • Restriction of processing (Art. 18 DS-GVO)
  • Objection (Art. 21 DS-GVO)
  • Data portability (Art. 20 DS-GVO), insofar as this concerns data provided by you
  • Complaint (Art. 77 DS-GVO) to the following competent data protection supervisory authority:

State Commissioner for Data Protection and Freedom of Information
PO Box 20 04 44
40102 Düsseldorf

Tel.: 0211/38424-0 / Fax: 0211/38424-10
E-mail: poststelle@ldi.nrw.de

Necessity of data provision

Within the scope of the business relationship, you only have to provide the personal data that is necessary for the establishment and implementation of the business relationship or which we are legally obliged to collect (e.g. personal data).
As a rule, no contract can be concluded, executed or terminated without this data.

Automated individual case decision

An automated individual case decision is not made.

Scoring and profiling

In the context of fraud prevention, anti-money laundering and risk management, scoring values based on recognised mathematical-statistical methods and best practices may be used and/or calculated in order to minimise risks. This concerns the following data in particular:

  • Payment behaviour (debtor balances, etc.)
  • Profit, loss and turnover figures
  • Customer data, including company name and sector
  • Current contractual relationships (if applicable with third parties)

Sensitive data (according to Art. 9 DS-GVO) are not processed in this sense.

Right of objection

If reasons arise from your situation that speak against the processing of your personal data (pursuant to Art. 6 para. 1 lit. f) DS-GVO), you have the right of revocation.

If you object, we will no longer process your data unless we can demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the (further) processing serves the assertion, exercise or defence of legal claims or compliance with legal or contractual obligations.
Your data will also be processed for promotional purposes. If you do not wish to receive promotional information about news and promotions, you have the right to object to the use of your personal data for promotional purposes at any time.

You can address a revocation to the responsible body (page 1).