Data Protection Statement in accordance with GDPR

1. Name and address of the controller responsible for the processing
The controller within the meaning of the General Data Protection Regulation, other data protection laws that apply in the Member States of the European Union and other provisions that have a data protection law character is:
WeberHaus GmbH & Co. KG (hereinafter: WeberHaus)
Am Erlenpark 1, D-77866 Rheinau-Linx, Germany
E-mail: info@weberhaus.de, Website: www.weberhaus.de  

2. Address of the data protection officer
The data protection officer at WeberHaus can be reached via the following contact data:
WeberHaus GmbH & Co. KG
– Data Protection Officer –
Am Erlenpark 1, D-77866 Rheinau-Linx, Germany
E-mail: datenschutz(at)weberhaus.de

3. Use of Cookies
The WeberHaus website uses Cookies. Cookies are files that are stored by the internet browser on the user's computer system. When a site is visited, the Cookies are forwarded to such a site and therefore facilitate the allocation of a user. Cookies help to simplify the use of internet pages for the users. 
The WeberHaus website uses the following types of Cookies, the scope and functions of which are described below:
- Transient Cookies 
Transient Cookies are automatically deleted once you close the browser. These include, in particular, Session Cookies. These store a so-called Session ID by way of which various enquiries by your browser can be allocated to the joint visit. As a result, your computer can recognise when you return to our internet pages. The Session Cookies shall be deleted when you log out or close the browser.
- Persistent Cookies
Persistent Cookies are automatically deleted following a specified period, which may vary depending on the Cookie. You can delete the Cookies at any time in the security settings of your browser.
Article 6(1) Letter f GDPR is the legal basis for the preparation of personal data by way of using Cookies.
You can object at any time to the setting of Cookies by changing the setting accordingly in the internet browser. Set Cookies can be deleted. Attention is drawn to the fact that if you deactivate Cookies, you may not be able to use all the functions of our website in full. 

4. Creating logfiles
Each time a website page is visited, WeberHaus records data and information by way of an automated system. These are stored in the server’s logfiles. 
In that respect, the following data may be collected:
‐ Information about the browser type and the used version
‐ The user’s operating system
‐ The user’s internet service provider
‐ The user's IP address
‐ The date and time of the enquiry
‐ Website pages from which the user's system gains access to our website (referrer)
‐ Website pages that are visited by the user's system via our website 
The processing of data is aimed at supplying the content of our website, guaranteeing the good working order of our technical information systems and optimising our website. In that respect, the logfile data are, at all times, stored separate from the users’ other personal data.  Article 6(1) Letter f GDPR is the legal basis for the temporary processing of personal data and the logfiles.

5. Registering on our website
If the data subject makes use of the option of registering on the website of the controller responsible for the processing by way of stating personal data, the data are forwarded in the respective entry mask to the controller responsible for the processing. The data are stored exclusively for the purpose of internal use by the controller responsible for the processing.
I have read the Data Protection Statement and accept that the collected data shall be stored for the purpose of support and communication. I consent to being contacted by telephone/e‐mail/Newsletter/post to provide advice on and initiate a potential company contract and for advertising information. Such consent may be withdrawn at any time with future effect.
When registering, the user’s IP address as well as the date and time of registration are stored. This is aimed at preventing misuse of the services. Such data are not forwarded to third parties. An exception applies if a statutory obligation applies in respect of forwarding such data. Registering the data is aimed at providing content or services. Article 6(1) Letter a GDPR is the legal basis for processing the data where the user has given such consent. If the registration is aimed at executing a contract, the contracting party to which is the user, or to perform pre-contractual measures, the additional legal basis for processing the data is Article 6(1) Letter b GDPR.
Registered persons can at any time have the stored data deleted or amended. The data subject shall receive information about the personal data stored about that person. 

6. Newsletter
If you subscribe to our company's Newsletter, the data in the respective entry mask are forwarded to the controller responsible for the processing.  When registering for the Newsletter, the user’s IP address as well as the date and time of registration are stored. This is aimed at preventing misuse of the services or the data subject's e-mail address. Such data are not forwarded to third parties. An exception applies if a statutory obligation applies in respect of forwarding such data. The data are used exclusively to dispatch the Newsletter.  Article 6(1) Letter a GDPR is the legal basis for processing the data after registering for the Newsletter by the user where the user has given such consent.
The data subject may cancel the Newsletter subscription at any time. Similarly, consent to the storage of personal data may be withdrawn at any time for the future. To that end each Newsletter contains a corresponding link. 

7. Mobile Apps
In addition to our internet pages and the MyWeberHaus service portal, WeberHaus provides a mobile App, which you can download to your mobile device. Please find below information about the collection of personal data when using our mobile App.
When downloading the mobile App, the required information is forwarded to the App Store, i.e. in particular the user name, e-mail address and customer number of your account, the time of the download and the individual device ID. We do not exert any influence on such a collection of data, and are not responsible in that respect. We only process the data in so far as such action is required to download the mobile App to your mobile device.
In the case of using the mobile App, we collect the personal data stated below to facilitate the comfortable use of the functions. We collect the following data that we require in respect of the technical services to provide you with the functions of your mobile App and guarantee stability and security:
- IP address
- Date and time of the enquiry
- Time zone difference compared to Greenwich Mean Time (GMT)
- Content of the enquiry (specific page)
- Access status (http status code)
- Respective transferred data quantity
- Website providing the enquiry 
- Browser
- Operating system and its interface
- Language and browser software version. 
In addition, we require your device identification (IMEI), the unique number of the network participant (IMSI), the mobile radio number (MSISDN), the MAC address for the WLAN use, the name of your mobile device and your e-mail address.
Article 6(1) Letter a GDPR is the legal basis for processing the data where the user has given such consent.

8. Options for establishing contact
A contact form available from the WeberHaus website can be used to establish contact electronically. Alternatively, you can establish contact with us by using the stated e-mail address. If the data subject establishes contact with the controller responsible for the processing via one of these channels, the personal data made available by the data subject shall be stored automatically. The storage is solely geared towards processing purposes or establishing contact with the data subject. Such data are not forwarded to third parties.
Article 6(1) Letter a GDPR is the legal basis for processing the data where the user has given such consent. Article 6(1) Letter f GDPR is the legal basis for the processing of the data during the course of forwarding an e-mail. In addition, Article 6(1) Letter b GDPR is the legal basis for the processing if the e-mail contact is geared towards entering into a contract.

9. Forwarding data to third parties (use of Google Analytics, among others)
Use of Google Analytics:
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called Cookies, text files that are stored on your computer and which facilitate an analysis of how you use the website. The information created by the Cookie and your use of the website are normally sent to a Google server in the USA and stored there. In the event of rendering the IP address anonymous on this website, Google shall, however, shorten your IP address in the Member States of the European Union or in other contracting countries to the Agreement on the European Economic Area. The full IP address is only forwarded to a Google server in the USA and stored there in exceptional cases. By order of the operator of this website, Google shall use this information to evaluate your use of the website, to put together reports on the website activities and to render additional services associated with the website and internet use for the website operator. The IP address forwarded as part of Google Analytics from your browser shall not be grouped together with other data from Google. You can prevent the storage of Cookies by way of a corresponding setting in your browser software. However, we draw attention to the fact that in such a case you may not be able to fully use all the functions on this website. Furthermore, you can prevent the recording of the data created by the Cookie and related to your use of the website (including your IP address) and forwarding to Google as well as the processing of such data by Google by downloading and installing the browser plug-in via the following link (http://tools.google.com/dlpage/gaoptout?hl=de). For more information about conditions of use and data protection please visit www.google.com or www.google.com/intl/de/analytics/privacyoverview.html.
We draw attention to the fact that on this website Google Analytics has been expanded to include the code gat._anonymizeIp() to guarantee the anonymous recording of IP addresses (so-called IP Masking).
Article 6(1) Letter f GDPR is the legal basis for the processing of personal data via Cookies. 
Using Facebook advertising:
WeberHaus uses communications tools of the network Facebook, in particular the Custom Audiences product and Website Custom Audiences. As a matter of principle, in that respect a non-reversible and non-personal checksum (hash value) is generated from the use data that can be sent to Facebook for analysis and marketing purposes. The Facebook Cookie is approached for the Website Custom Audiences product. For more information about the purpose and scope of the collection of data and the further processing and use of the data by Facebook, as well as your settings options to protect your privacy, please see the data protection guidelines of Facebook, which you can view at www.facebook.com/ads/website_custom_audiences/ and www.facebook.com/privacy/explanation. If you wish to object to the use of the Facebook Website Custom Audiences, you can do this at www.facebook.com/ads/website_custom_audiences/. If you wish to object to the use of the Facebook Custom Audiences, please unsubscribe from the web services. Article 6(1) Letter f GDPR is the legal basis for the processing of personal data.
Forwarding to service providers: 
WeberHaus forwards collected, recorded and stored data, for the purpose of executing and preparing contracts as part of the measures that are required, to suppliers or companies incorporated in performing construction work and authorities such as architects, financing companies and brokers etc.  The processing and forwarding of the data are aimed at executing a contract, the contracting party to which is the user, or to perform pre-contractual measures. Therefore, Article 6(1) Letter b GDPR is the legal basis for processing the data. In addition, Article 6(1) Letter f GDPR is the legal basis for the processing and forwarding of the users’ personal data.

10. Identification procedure
To furnish proof of stated consent and to verify identification, we use the so-called Double Opt-In procedure (DOI). This means that once you have registered with us, we send you an e-mail to the stated e-mail address in which we request that you provide confirmation that you consent to the storage of your data to facilitate the individual services and that you consent to being contacted for customer support and communication via the respective communication channels in respect of which you have granted your consent. If you fail to provide confirmation of your registration within 24 hours, your information shall be blocked and automatically deleted after one month. Furthermore, we shall in each case store your used IP addresses and the times of the registration and confirmation. This procedure is aimed at furnishing proof of your registration and, where applicable, being in a position to clarify potential misuse of your personal data. 

11. Routine deletion of personal data
The controller responsible for the processing shall store and save the data subjects’ personal data only as long as such action is required for the aforementioned purposes. Storage beyond this may apply provided such action was specified by the European or national legislator in Union law orders, laws or other requirements to which the controller responsible for the processing is subject. 
As soon as the storage purpose no longer applies, or a storage period specified by the stated requirements expires, the personal data shall be routinely deleted.  

12. Rights of the data subject
If your personal data are processed, you are the data subject within the meaning of GDPR, and you shall be able to exercise the following rights against the controller:
12.1 Right to obtain information
You have the right to obtain from the controller confirmation as to whether or not personal data concerning you are being processed.  Where that is the case, you may request that the controller grants access to following information:
a. the purposes for which the personal data are processed;
b. the categories of personal data that are processed;
c. the recipients or categories of recipient to whom your personal data have been or will be disclosed;
d. the envisaged period for which your personal data will be stored, or, if not possible, the criteria used to determine that period;
e. the existence of the right to request from the controller rectification or erasure of your personal data or restriction of processing of personal data concerning you or to object to such processing; 
f. the right to lodge a complaint with a supervisory authority;
g. where the personal data are not collected from the data subject, any available information as to their source;
h. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You are entitled to obtain information about whether your personal data shall be forwarded to a third country or to an international organisation. In this context, you have the right to be informed of the appropriate safeguards according to Article 46 GDPR relating to the transfer. 
12.2 Right to rectification 
You have the right to obtain from the controller rectification and/or completion of incomplete data provided the processed personal data that apply to you are inaccurate or incomplete. The controller is to implement the rectification without delay.
12.3 Right to restriction of processing
You have the right to obtain from the controller restriction of the processing of your personal data where one of the following applies:
a. if you contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
b. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
c. the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims or
d. if you have objected to processing according to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override your grounds.
Where processing of your personal data has been restricted, such personal data shall – with the exception of storage – only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing has been restricted in accordance with the aforementioned requirements, you shall be informed by the controller before the restriction of processing is lifted.
12.4 Right to erasure
12.4.1. You have the right to obtain from the controller the erasure of personal data concerning you without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:
a. The personal data that apply to you are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
b. You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing. 
c. You object to the processing according to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing according to Article 21(2) GDPR. 
d. Your personal data have been unlawfully processed. 
e. The personal data that apply to you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. 
f. The personal data that apply to you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
12.4.2. Where the controller has made the personal data public and is obliged according to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data. 
12.4.3. Paragraphs 1 and 2 shall not apply to the extent that processing is necessary
a. for exercising the right of freedom of expression and information;
b. for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
c. for reasons of public interest in the area of public health in accordance with Article 9(2) Letters h and i as well as Article 9(3) GDPR;
d. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing, or
e. for the establishment, exercise or defence of legal claims. 
12.5 Right to information
If you have exercised the right to rectification, deletion or restriction of the processing against the controller, the controller undertakes to notify all recipients to whom your personal data have been disclosed of such rectification or deletion of the data or restriction of the processing unless this proves impossible or is associated with disproportionate effort. In dealings with the controller you have the right to be informed of such recipients.
12.6 Right to data portability
You are entitled to receive the personal data that applies to you that you have made available to the controller. In addition, you are entitled to forward such data to another controller without restriction by the controller to whom the personal data was made available provided
a. the processing is based on consent in accordance with Article 6(1) Letter a GDPR or Article 9(2) Letter a GDPR or on a contract in accordance with Article 6(1) letter b GDPR and
b. the processing applies by way of automated procedures.
Furthermore, in exercising your right you are entitled to bring about a situation in which the personal data that apply to you are directly forwarded by a controller to another controller provided this is technically feasible. Freedoms and rights of other persons may not be impaired in this respect. The right to data portability does not apply to the processing of personal data that is required to perform a task that is in the general interest or which applies by way of exercising public power that has been assigned to the controller.
12.7 Right to object
You are entitled, for reasons that arise from your special situation, to object at any time to the processing of the personal data that apply to you, whereby the processing arises from Article 6(1) Letter e or f GDPR. This also applies to profiling based on these provisions. 
The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing is aimed at the establishment, exercise or defence of legal claims.
Where your personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
In conjunction with using information society services – irrespective of Directive 2002/58/EC – you have the option to exercise your right to object by automated means using technical specifications.
12.8 Right to withdraw the data protection law declaration of consent
You are entitled to withdraw your data protection law declaration of consent at any time. Withdrawing the declaration of consent does not affect the legality of the processing up until the withdrawal as a result of the consent.
12.9 Automated decision in an individual case including profiling
You are entitled not to be subject to a decision that is not exclusively based on automated processing – including profiling – which has a legal effect against you or which has a considerable detrimental effect on you in a similar manner. This does not apply if the decision
a. is required to enter into or execute a contract by you and the controller,
b. is permissible as a result of legal requirements of the Union or the Member States, which the controller is subject to, and these legal requirements contain appropriate measures to safeguard your rights and freedoms as well as your justified interests or
c. applies based on your express consent.
However, these decisions may not be based on special categories of personal data in accordance with Article 9(1) GDPR provided Article 9(2) Letter a or g apply and appropriate measures have been adopted to protect your rights and freedoms as well as your justified interests.
With regard to the cases stated in a. and c., the data controller shall implement suitable measures to safeguard the rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.
12.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy according to Article 78 GDPR. 

13. Legal basis for the processing
Insofar as we obtain consent from the data subject for the procedures involving the processing of personal data, Article 6(1) Letter a of the EU General Data Protection Regulation (GDPR) applies as the legal basis.
In the case of processing personal data that is required to execute a contract, the contracting party to which is the data subject, Article 6(1) Letter b GDPR applies as the legal basis. This also applies to processing procedures that are required to adopt pre-contractual measures. Insofar as the processing of personal data is required to honour a legal obligation, which our company is subject to, Article 6(1) Letter c GDPR applies as the legal basis.
In the event that vital interests of the data subject or another natural person necessitate the processing of personal data, Article 6(1) Letter d GDPR applies as the legal basis.
If the processing is required to safeguard a justified interest of our company or a third party, and if the interests, basic rights and basic freedoms of the data subject do not outweigh the first stated interest, Article 6(1) Letter f GDPR applies as the legal basis for the processing. Our company's justified interest consists of performing our business activity. 

14. Period in which personal data are stored
Personal data are stored for the period of the respective statutory storage period. Following expiry of the period, the data are routinely deleted provided there is no necessity to initiate or execute a contract. 

Rheinau-Linx, dated 24 May 2018