Privacy Statement


In this privacy policy, we explain to you the scope, purpose and type of processing of personal data (hereinafter referred to as "data") within the scope of our online offer. This includes our respective websites, their functions, as well as their contents and external online presences, such as our profiles in social media, hereinafter referred to as "online offer".

1. Information on the collection of personal data

1.1 Personal data is all information that relates to a natural person, or at least can be referred to. This includes, for example, name, address, e-mail addresses, user behaviour.

1.2 The controller responsible for the processing of your data is

Gustav Westerfeld GmbH
Mainzer Str. 150
66121 Saarbrücken
(see our imprint)

1.3. If we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below.

2. Your rights

You have the following rights in relation to the personal data concerning you:

2.1. the right to obtain information in accordance with Art. 15 GDPR, i.e. you may request from us information about your personal data processed by us, in particular the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, cancellation, limitation of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making, including profiling and, if applicable, meaningful information on the details thereof.

2.2 the right to have inaccurate data that is stored with us rectified or completed if it is incomplete in accordance with Art. 16 GDPR

2.3. the right to obtain the erasure in accordance with Art. 17 GDPR of your personal data stored with us, unless processing of such data is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;

2.4. the right to restrict processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defence of legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR

2.5. the right to data transfer in accordance with Art. 20 GDPR, i.e., the right to receive your personal data that you have provided us within a structured, commonly used and machine-readable format or to request that it be transferred to another controller;

2.6. the right to object pursuant to Art. 21, (1) and (2) of the GDPR the right to object at any time, for reasons arising from your specific situation, to the processing of personal data concerning you. Where personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing, including profiling, insofar as it is linked to such direct marketing.

2.7. the right to withdraw your consent, once granted, pursuant to Art. 7 (3) of the GDPR your withdrawal means that we may no longer continue to process the data based on this consent in the future.

2.8. If you wish to exercise your right of revocation or objection, simply send an e-mail to

2.9. the right of appeal in accordance with Art. 77 GDPR, i.e., the right to lodge a complaint to a supervisory authority. As a rule, you can turn to the supervisory authority of your usual place of residence or work or to our company headquarters for this purpose.

3. data transfer

We only transfer your personal data to third parties if:

3.1. you have expressly given your consent to do so in accordance with Art. 6 (1) (a) sentence 1 lit. a GDPR,

3.2. the disclosure pursuant to Art. 6 (1) (f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,

3.3. if we are legally obligated to pass on the data pursuant to Art. 6 (1) (1c) GDPR

3.4. the disclosure is legally permissible and required for the processing of contractual relationships with you in accordance with Art. 6 (1) (1b) GDPR

3.5. Sometimes we use service providers for individual tasks. In this context, the transfer of your data to these service providers may be necessary. When selecting these commissioned data processors, we strictly adhere to the requirements of Art. 28 GDPR.

The transfer of your data or access to your data will only take place if you have given us your consent if there is a legal obligation to do so or if we have a legitimate interest within the meaning of Art. 6 GDPR.

3.6. Transfers to third countries

A processing of your data in a so-called third country, i.e. a country outside the EU or the EEA, or a transfer of your data to such a third country by us or in the context of the use of services of third parties is carried out in accordance with Art. 44 GDPR only if it is done for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests.

Processing in a third country only takes place in compliance with an appropriate level of data protection recognized by the EU or compliance with standard contractual clauses laid down by the EU Commission within die meaning of Art. 46 (2) (c) GDPR.

4. Credit assessment and receivables management

4.1. When initiating a contractual relationship, we sometimes use information from the credit agency Creditreform Saarbrücken, Karcherstraße 10, 66111 Saarbrücken, Germany, to assess the credit risk based on mathematical-statistical procedures, so-called scoring.
In this context, we transmit the personal data necessary for the credit assessment, such as name, date of birth, address, bank data, to the credit agency.

4.2. The purpose of this collection, processing and transmission is to prevent payment defaults in our company in order to maintain its economic performance.
The basis is Art. 6 (1). (b) GDPR and of Art. 6 (1) (f) GDPR. Based on this information, a statistical probability of a credit default and thus your solvency is calculated. We reserve the right to make our decision to conclude a contract dependent on the result of the information obtained.

4.3. You may object to the transmission of this data to the credit agency at any time. In this case, however, we reserve the right not to enter a contractual relationship with you.

4.4. Collection of outstanding debts
With the collection of outstanding debts, we instruct the company Creditreform Saarbrücken Dr. Uthoff KG, Karcherstraße 10, 66111 Saarbrücken, Germany
Within the scope of our legitimate interest in accordance with Art. 6 (1) (b) and (f) DSGVO. The data required for the collection of the claim will be transmitted to the agent. Further information on data processing is provided by the commissioner on its website.

5. Collection and storage of personal data/type and purpose of data processing

5.1. When you visit our website for purely informational purposes, i.e., you do not register or otherwise transmit information to us, information is automatically sent to the server of our website by the browser used on your terminal device. The server stores this information temporarily in a so-called log file.

5.2. According to the current state of technology, the following information is usually stored automatically without any further action on your part until automatic deletion:

5.2.1. IP address of the accessing computer/end device,

5.2.2. date and time of access,

5.2.3. name and URL of the accessed files,

5.2.4. website from which the Online Offer is accessed (referrer URL),

5.2.5. language, name and version of the browser software/browser engine.

5.2.6. operating system of your computer and the name of your access provider or the name of the owner of your public IP address.

5.2.7. time zone difference to Greenwich Mean Time (GMT).

5.2.8. content of the request (specific page, file)

5.2.9. HTTP status code/error code, access code

5.2.10. amount of data transferred in each case


5.3. processing of the above information serves the following purposes:

5.3.1. Ensuring a smooth connection establishment of the website,

5.3.2. ensuring a comfortable use of our website,

5.3.3. evaluation of system security and stability, and

5.3.4. clarification of misuse or fraudulent acts

5.3.5. for other administrative purposes.

5.4. The legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO. For the above-mentioned purposes, we have a legitimate interest in processing your data. Under no circumstances do we draw conclusions about your person from this data. The log files are stored for a maximum of 7 days and then deleted. If storage is required for evidence purposes, the data is exempt from deletion until the final clarification of the respective incident.

6. Cookies

When you use our website, so-called cookies are stored on your computer/end device. Cookies are small files that are stored on your terminal device assigned to the browser used and are either sent to the browser by the web server or generated by a script on the website and through which we receive certain information. Cookies do not execute any programs and do not transmit any viruses to the accessing end devices. They help to make our website more user-friendly, more effective, and safer for you.

Cookies are used on this website as follows:

6.1. Transient cookies are automatically deleted as soon as you close your browser. These are often session cookies that store a so-called session ID, which allows requests from your browser to be assigned to a common session. This also makes it possible to identify your computer/end device again when you visit our website again. Session cookies are deleted when you log out or close the browser.

6.2. Persistent cookies are automatically deleted after a specified period of time, which differs depending on the cookie. Cookies can be deleted at any time in the security settings or history of your browser.

6.3. A general objection to the use of cookies used for online marketing purposes can be filed with some services, especially tracking via the US site especially tracking via the US site or within the EU via

6.4. You can configure your browser according to your wishes so that it refuses to accept so-called third-party cookies or all cookies. Please note that you will probably not be able to use all functions of this website with disabled cookies.

6.5. If you have an account/login with us, we also use cookies to identify you for subsequent visits. Without cookie processing, you will have to log in again for each visit.

6.6. In particular, we currently use the following cookies:

Purpose: Serves to protect against cross-site request forgery attacks.
Legal basis: Technically necessary
Storage period: Session
Type: Session

Purpose: Stores certain website settings during the website visit (session). Required by applications that are based on the PHP language.
Legal basis: Technically necessary
Storage duration: Session
Type: Session

7. Deletion of data

7.1. Your data stored by us will be deleted as soon as it is no longer required for the fulfilment of the purpose underlying its processing. We adhere to the requirements of Art. 17 and 18 GDPR when deleting your data.

7.2. We are bound by legal retention periods, e.g., tax retention periods, which may prevent the deletion of your data. If data is not deleted because it is retained based on these periods or is required for other and legally permissible purposes, we restrict its processing, i.e., we only use the data for the above-mentioned purposes.

8. data security / encryption

Our server encrypts the access and your visit to our website by means of the widespread SSL procedure (Secure Socket Layer). The highest encryption level supported by your browser is used. Usually, 256-bit encryption is used; if your browser does not support this procedure, we use 128-bit v3 encryption. The "closed display" of the key or lock symbol in the address bar of your browser indicates whether an individual page of our website is transmitted in encrypted form. Often a part or the entire address line is also displayed in green or green with a green lock.

We use appropriate technical and organizational security measures to protect your data against intentional or accidental manipulation, partial or complete loss, destruction or unauthorized access by third parties. We continuously improve our security measures in line with technical developments.

9. Concluding sentence, changes and updates

We may update our Privacy Statement from time to time. Updates of our Privacy Statement will be published on our Website. Any amendments become effective upon publication on our Website. We therefore recommend that you regularly visit the site to keep yourself informed on possible updates.

This privacy policy is currently valid and has the status of December 2020.