Privacy Policy - werusys Industrieinformatik

1 Privacy Policy

Version: 1.2

Last updated: 25.02.2026

1.1 Controller

Werusys GmbH & Co. KG
Kaiser-Wilhelm-Ring 40
50672 Köln, Deutschland

Email: datenschutz@werusys.de
Phone: +49 221 970348-0

If you have questions regarding data protection, you may contact us at the above details.

1.2. Scope of Processing

This privacy policy informs you about the processing of personal data when visiting our website and using our online services in accordance with Articles 13 and 14 GDPR.

1.3. Hosting

Our website is technically operated and maintained by:

Voltaire Graphics

In der Maar 25

53175 Bonn

Germany

Voltaire Graphics processes personal data (e.g., IP addresses, server logs, website content and contact form submissions) exclusively on our behalf pursuant to Art. 28 GDPR under a Data Processing Agreement.

The hosting infrastructure is provided within the European Economic Area (EEA). The hosting provider has engaged the infrastructure sub-processors within the EEA Host Europe GmbH.

No processing takes place outside the EEA in connection with website hosting.

1.4. Server Log Files

When accessing our website, the following data is automatically processed:

• IP address

• Date and time of access
• Browser type/version
• Operating system
• Referrer URL

• Requested pages

Server logs are processed for system stability, security monitoring, fraud prevention, error detection and system integrity purposes.

Legal basis: Art. 6(1)(f) GDPR

Retention: Typically 7–14 days unless security-relevant. Backups are created regularly and stored within the EEA.

1.5. Contact Requests

If you contact us via email, phone, or contact form, we process:

• Name
• Email address
• Contact details

• Message content

Purpose:
• Handling your inquiry

• Pre-contractual measures

Legal basis:

• Art. 6(1)(b) GDPR (contract initiation)
• Art. 6(1)(f) GDPR (business communication)

Retention:

• Until inquiry resolved

• Commercial retention obligations may apply

If we use a CRM system (e.g., HubSpot), contact data may be stored there.

1.6. Use of HubSpot (CRM System)

We use:

HubSpot, Inc.

25 First Street, Cambridge, MA 02141, USA

Purpose:

• Customer relationship management
• Contact management

• Marketing communication (if consented)

Legal basis:

• Art. 6(1)(b) GDPR (contractual)
• Art. 6(1)(a) GDPR (consent for marketing)

International transfers:

HubSpot processes data in the USA. Data transfers are based on:

• EU Standard Contractual Clauses (SCCs) and/or
• EU-US Data Privacy Framework (if applicable)

Further information:

https://legal.hubspot.com/privacy-policy

1.7. Use of Microsoft 365

We use Microsoft 365 services provided by:

Microsoft Ireland Operations Limited
Dublin, Ireland

Purpose:

• Email communication
• Document management
• Collaboration tools

Legal basis:

• Art. 6(1)(b) GDPR
• Art. 6(1)(f) GDPR

Microsoft may provide remote support from outside the EEA under appropriate safeguards (SCCs and/or Data Privacy Framework).

1.8. Cookies and Consent Management

We use cookies and similar technologies.

Cookies are divided into:

1. Technically necessary cookies

2. Statistical/analytics cookies

3. Marketing cookies

Non-essential cookies are only set after your explicit consent pursuant to Art. 6(1)(a) GDPR.

You can withdraw your consent at any time via our cookie settings.

1.9. Google Analytics

We use Google Analytics:

Provider: Google Ireland Limited

Legal basis: Art. 6(1)(a) GDPR (consent) and IP anonymization enabled.

Data retention: Typically 14 months.

Google Analytics may involve data transfers to Google LLC, USA. Such transfers are based on the EU-US Data Privacy Framework and/or EU Standard Contractual Clauses.

1.10. Newsletter (if applicable)

If users subscribe:

• Email address
• Optional name

Legal basis:

Art. 6(1)(a) GDPR (consent)

Double opt-in procedure is used.

Data is stored until consent withdrawal.

1.11. Social Media Links

We maintain presences on:

• LinkedIn
• Facebook

When visiting these platforms, the privacy policies of the respective providers apply.

We do not transfer personal data to social networks unless you actively interact with the content.

1.12. Data Retention

We retain personal data:

• For the duration of contractual relationships

• According to statutory retention obligations (6–10 years)

• Until withdrawal of consent (where applicable)

1.13. Data Subject Rights

You have the following rights:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)

• Data portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Withdrawal of consent (Art. 7(3) GDPR)

You also have the right to lodge a complaint with a supervisory authority.

1.14. International Transfers

Where personal data is transferred outside the EEA, we ensure appropriate safeguards pursuant to Art. 44 ff. GDPR, including:

• EU Standard Contractual Clauses
• EU-US Data Privacy Framework (where applicable)

1.15. Updates

We reserve the right to update this privacy policy to reflect legal or technical changes.

1.16. Hosting infrastructure providers within the EEA

1. Infrastructure sub-processors within the EEA Host Europe GmbH.

2. Cookies and Consent Management

2.1. General Information

We use cookies and comparable technologies (e.g., local storage, tracking pixels) on our website.

Cookies are small text files that are stored on your device. They may contain information such as:

• Browser type and version
• Operating system
• Referrer URL
• Date and time of access
• User preferences

• Online identifiers

The legal basis for the storage of information on end-user devices is § 25 TTDSG.

The legal basis for further processing of personal data is Art. 6 GDPR.

2.2. Categories of Cookies

We distinguish between the following categories:

a) Technically Necessary Cookies

These cookies are required for the operation and security of the website.

Examples:

• Session management
• Security tokens
• Load balancing
• Cookie consent status

Legal basis:

• § 25(2) TTDSG
• Art. 6(1)(f) GDPR (legitimate interest in secure website operation)

These cookies cannot be deactivated via the consent banner.

b) Statistical / Analytics Cookies

These cookies help us understand how visitors interact with our website.

Examples:

• Google Analytics
• HubSpot Analytics
• Similar tracking tools

Legal basis:

• § 25(1) TTDSG
• Art. 6(1)(a) GDPR (consent)

These cookies are only set after explicit consent.

c) Marketing Cookies

These cookies are used to display personalized advertising and measure campaign performance.

Examples:

• LinkedIn Pixel
• Facebook Pixel
• Retargeting technologies

Legal basis:

• § 25(1) TTDSG
• Art. 6(1)(a) GDPR (consent)

2.3. Consent Management

We use a consent management tool to:

• Obtain legally required consent
• Store proof of consent
• Allow users to withdraw consent at any time

When visiting our website for the first time, you can choose which categories of cookies you accept.

You can change or withdraw your consent at any time via the “Cookie Settings” link in the footer of our website.

Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

2.4. Cookie Details

Detailed information about individual cookies (name, provider, purpose, storage duration) is available within the cookie settings interface.

2.5. Storage Duration

The storage duration depends on the specific cookie:

• Session cookies: deleted after closing the browser
• Persistent cookies: stored for a defined period (e.g., 6–24 months)

You can delete cookies manually via your browser settings.

2.6. Third-Country Transfers

Where cookies involve providers located outside the European Economic Area (e.g., USA), data transfers are carried out on the basis of:

• EU Standard Contractual Clauses (SCCs) and/or
• EU-US Data Privacy Framework (where applicable)

2.7. No Pre-Consent Tracking

Non-essential cookies are not set before consent is granted.