Privacy Policy

Data Privacy Statement WeWash – (Version v0321, as of March 2021)

1. Controller

WeWash GmbH, Sendlinger-Tor-Platz 10, 80336 Munich (hereinafter referred to as “We”) is, as an operator of the website https://www.we-wash.com and publisher of the WeWash apps for Android and iOS (hereinafter referred to as “WeWash”), the controller for handling the personal data of the users of WeWash (hereinafter referred to as “You”). You can reach our data protection officer Timo Epp at the e-mail address dataprotection@we-wash.com or at our mailing address for the attention of “the data protection officer”.

We have taken technical and organisational actions to ensure that the data protection regulations are observed by us as well as by our service providers. In the following, we inform you in accordance with the applicable data protection regulations about the type, scope, and purpose of the collection, processing and use of the data gathered during your use of WeWash.

2. Personal data

Personal data is information that can be used to identify you. This includes, for example, information such as your correct name, postal address, email address, or telephone number, as well as all inventory data that you provide us with when registering and when you create your customer account. Statistical data that we collect, for example, during a visit to our website and that cannot be connected directly to your person is not covered by this.

3. Collection, processing and use of personal data when visiting the WeWash website

With simple, informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect personal data that your browser automatically transmits to our server for technical reasons. If you would like to view our website, we collect the following data:

- IP address;

- Date and time of access;

- name and URL of the retrieved file;

- URL of the referring website;

- retrieved file;

- transferred amount of data;

- browser type/version and language;

- operating system and its interface.

The data mentioned is processed by us for the following purposes:

- Ensuring a smooth connection to the site,

- Ensuring convenient use of our website,

- Evaluation of system security and stability as well as

- for additional administrative purposes.

We also use cookies to determine the preferred language of the visitor and, if possible, to set the language accordingly on the website.

Name: wp-wpml_current_language (first-party cookie)
Requires consent: no
Persistent: 1 day

For general information on cookies and their administration (e.g. consent), please refer to Clause 19 of this Data Protection Declaration.

The legal basis of the collection is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest follows from the reasons listed below.

The recipient of these data is our hosting provider Contabo GmbH (see Clause 7 of this Data Protection Declaration).

We also use other cookies as well as analysis and marketing services when you visit our website. For more detailed explanations in this regard, please see the following clauses of this Data Protection Declaration.

4. Collection, processing and use of personal data by WeWash when downloading the app

When downloading the mobile app, the following information is transferred to the App Store: User name, email address and customer number of your account, time of download, payment information and individual device code. We have no influence on this data collection and are not responsible for this. In addition, no personal data will be transmitted to us when downloading the mobile app.

5. Collection, processing and use of personal data during your registration

1) If you would like to use our services as a user, you must register once.

(2) Registration via our website and mobile app is done by specifying your first and last name, your email address, and a password selected. We use the so-called double opt-in procedure for registration via our website and mobile app, i.e. your registration is only completed if you enter your registration beforehand via an activation code sent to you for this purpose by email. The activation code has a validity of 24 hours. If the activation has not been carried out successfully, the data will be deleted within a further 48 hours.

(3) If you register via our telephone hotline, we record your first and last name, address, and telephone number and store this information in our system. We also ask for your payment information and process it in accordance with the declarations in No. 8. of this data privacy statement.

(4) We use cookies to be able to identify you for follow-up visits if you have an account with us. Otherwise, you would have to log in again for each visit.

Name: ww_access (first-party cookie)
Requires consent: no
Persistent: 30 days

Name: ww_refresh (first-party cookie)
Requires consent: no
Persistent: 5 minutes

Name: XSRF-TOKEN (first-party cookie)
Requires consent: no
Persistent: Session

For general information on cookies and their administration (e.g. consent), please refer to Clause 19 of this Data Protection Declaration.

(5) The recipient of these data is our hosting provider, Contabo GmbH (see Clause 7 of this Data Protection Declaration).

(6) The processing is necessary for the fulfilment of the contract for the use of the services of WeWash, whose contracting party is the respective user (Art. 6 Para. 1 lit. b GDPR). The use of the cookie specified in this clause is based on your consent (Art. 6 Para. 1 lit. a GDPR).

6. Collection, processing and use of personal data when using the WeWash service

(1) If you use the services we offer, we will save and use your data that are required for fulfilling the contract. These generally include your name, email address and your payment information. What data and for what purpose we collect them is explained in the clauses of this Data Protection Declaration. We sometimes use service providers to process your data. Such service providers are carefully selected and commissioned by us, are bound to our instructions and are checked regularly. Within the framework of this Data Protection Declaration, you will also receive more detailed information about the service providers we use.

(2) The storage period of your personal data is based on the respective statutory retention period. After expiry of this period, the relevant data will be deleted routinely, provided they are no longer required to carry out the contract and there is no legitimate interest in further storage.

(3) The processing is necessary for the fulfilment of the contract for the use of the services of WeWash, whose contracting party is the respective user (Art. 6 Para. 1 lit. b GDPR).

7. Hosting service and Microsoft Office

(1) We use the hosting service provider Contabo GmbH, Aschauer Str. 32a, 81549 Munich for saving our data. Your personal data is also stored there in the data centre.

(2) We also use the Office 365 Cloud Service from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. For information on data protection from Microsoft, see https://privacy.microsoft.com/de-de/privacystatement. We specifically use Outlook within the framework of our communication. If you communicate with us via email, your email address will be stored on the servers of the Microsoft Office 365 Cloud Service. The servers are in Europe.

8. Processing of payment transactions

Your payment information is processed by the payment service provider Mollie B.V., Keizersgracht 313, 1016 EE Amsterdam (“Mollie”) in order to process payment transactions in accordance with the data protection standards of the Payment Card Industry Data Security Standard (PCI DSS). If you register a SEPA direct debit mandate as your payment method, we will collect the data required for this – IBAN and account holder’s name – and send it to Mollie. We and Mollie are joint controllers as defined in the GDPR with regard to the data processed and transmitted as part of the direct debit process. If you register a credit card as your payment method, your credit card information will be collected and processed directly by Mollie. In this case, this payment information will also be stored in our system for invoicing purposes; we do not have your complete credit card details there at any time. These are transmitted to us by Mollie in masked form in the course of the registration of your payment method. Mollie is the controller as defined by the GDPR for the data collected as part of the credit card payment. You continue to have the option of paying via the checkout. There is a wide variety of payment methods available when using the checkout. All the data required for the checkout is collected and processed by Mollie directly. This data is never stored in our system. Mollie is the controller as defined by the GDPR for the data collected as part of the checkout process. For more information on data protection at Mollie, see https://www.mollie.com/de/privacy. The legal basis for the collection and further processing of your data is Art. 6(1) (b) GDPR.

9. Handling of successful and failed payment processes

We store the number of your successful and failed payment processes. We store this information to block certain payment methods or users in individual cases. We do this to prevent the misuse of our services. A decision about such measures is not performed automatically. The legal basis of the processing is Art. 6 Para. 1 lit. f GDPR.

10. Sending of invoices

We will send you an invoice after booking of our WeWash service. Invoicing takes place via easybill GmbH, Düsselstraße 21, 41564 Kaarst. For the purposes of invoicing, we send easybill your first and last name, the bookings made, the address of the assigned laundry room and the payment information in a masked form. If you book our WeWash service via app or website, you will receive the invoice by email. For this purpose, we also send your email address to easybill. If you make the booking by telephone, we will also send your address so that the invoice can be sent to you via post. The legal basis for processing and forwarding is Art. 6 Para. 1 lit. b GDPR.

11. Sending notifications

In the case of registration or booking of a WeWash service via your registered account, you will receive a confirmation email to the email address stored by you in your account. This email will inform you exclusively about the registration or booking process and will not take place for marketing purposes. Email dispatch is carried out by the email provider SMTP2GO (Sand Dune Mail Ltd), 96-106 Manchester Street, Christchurch 8011, New Zealand. SMTP2GO will receive your e-mail address and your name for this purpose. The legal basis of data processing is Art. 6 Para. 1 lit. b GDPR, because you are thus firstly informed of the completed registration and the delivery is required in order to conclude the double opt-in procedure. Secondly, you will be provided with immediate proof of the completion of the booking process by sending of the confirmation e-mail upon booking. In the context of an adequacy decision, the European Commission confirmed that New Zealand has an adequate level of data protection. In addition, the data transmitted by us to SMTP2GO is not processed outside of Europe.

12. Sending push messages in the app and via the website

(1) For sending push messages in mobile apps (Android and iOS) and via the website, we use the push message service of 650 Industries Inc. (“Expo”), 624 University Ave #1, Palo Alto, CA 94301, USA.

(2) We use push notifications to update you about waiting times or when the washing machine or dryer can be loaded, for example.

(3) For this purpose, a key is generated on your terminal device, with which the device/app combination can be uniquely identified and addressed with so-called Instance IDs. This key and the notification are transmitted to Expo. If you use our iOS app, Expo transmits a notification request along with this data to the “Apple Push Notification Service”, which executes the notification. If you use our Android app or the website, Expo transmits a notification request along with the data to the “Firebase Cloud Messaging” service of Google, which executes the notification in this case.

You can find Expo’s Data Protection Declaration at https://expo.io/privacy. The Data Protection Declaration for the Apple Push Notification Service and the Firebase Cloud Messaging can be found at https://www.apple.com/legal/privacy/en-ww/ (Apple) and https://firebase.google.com/support/privacy (Firebase Cloud Messaging).

(4) We ensure that no personal data is contained in the notifications; however, the following data is also sent to Expo when transmitting the key and the data for technical purposes:

- Device model
- Device language
- Operating system and version
- Browser type and version
- Device time zone
- IP address

(5) Before we send you push notifications, we ask that you give your consent to this. If you do not give us this consent, we cannot send you push notifications. The data processing is therefore based on your consent (Art. 6 (1) letter a GDPR) in this regard.

(6) To this extent, Expo works for us as a data processor, and personal data is transferred to the United States in the process. For this purpose, Expo has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

(7) You can revoke your consent to receive push notifications at any time as follows:

a) When using our mobile app: If you no longer wish to receive notifications, you can block the notifications in your smartphone settings or switch off the notifications in the settings of our app.

b) When accessing our website: You can withdraw your consent to receive notifications at any time via the settings of your browser. If you do not wish to receive any push notifications in the future, follow the browser-specific instructions to unsubscribe. You can also find detailed information in the settings of the respective browser under the “Enable or Deactivate Notifications” keywords.

13. Real-time information

(1) In order to provide you with real-time information, we use the services “Cloud Firestore” and “Firebase Authentication” of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

(2) Real-time information is, for example, information about your selected laundry room and the status of your reservations. However, the information retrieved in this regard is exclusively anonymous data that prevents any identification of you as a person.

(3) While using our app, your terminal device creates a connection to these services in order to retrieve the real-time information. In addition, the following data is also transmitted for technical purposes:

- Device model
- Device language
- Operating system and version
- Browser type and version
- Device time zone
- IP address

The accesses are logged and deleted after a few weeks. You can find additional information in the Data Protection Declaration for Firebase at https://firebase.google.com/support/privacy.

(4) The processing is necessary for the fulfilment of the contract for the use of the services of WeWash, whose contracting partner is the respective user (Art. 6 para. 1 letter b GDPR).

(5) Google works as our data processor to this extent and has submitted to the EU-US Privacy Shield for the cases in which personal data is transferred to the United States, https://www.privacyshield.gov/EU-US-Framework.

14. Collection, processing and use of personal data when you contact us

If you contact us due to an enquiry or another concern, we will store the data communicated by you (your email address, if applicable your name and telephone number) in order to answer your request/your concern. We will delete the data in this context after the storage is no longer required, or we will restrict processing if statutory retention obligations exist.

15. Processing customer requests

(1) We use the Zendesk ticket system, a customer service platform of Zendesk Inc., to process customer requests via our website and mobile app. 989 Market Street, 300, San Francisco, CA 94102. To process your request, the following data will be collected via our website or our app to process and answer your concerns:

- Email address,

- First and last name,

- Language setting and

- assigned laundry room (including address)

Zendesk is a certified participant of the so-called “Privacy Shield Framework” and thus meets the minimum requirements for a legally compliant order data processing.

If you contact us via email or via the form on the website, we will only process and use the personal data transmitted by you for the processing of the specific request. The specified data will be treated confidentially. The processing of the data entered into the contact form is based on Art. 6 Para. 1 lit. f GDPR.

For more information on data processing by Zendesk, see the Zendesk Data Privacy Statement under http://www.zendesk.com/company/privacy.

(2) We use the service of Telephone-Direct-Marketing GmbH (“T.D.M”), Käthe-Paulus-Straße 12, 31157 Sarstedt, for enquiries that reach us via our hotline. All requests via our hotline are accepted by T.D.M. and entered into the Zendesk ticket system. T.D.M. collects and uses your personal data to the extent necessary in order to process your request. The legal basis of the survey is Art. 6 Para. 1 lit. f GDPR. The specified data will be treated confidentially.

You can also register by telephone for the first time via T.D.M. In this case, the data specified under Clause 5 will be collected. The legal basis for the collection and processing of the data for registration is Art. 6 Para. 1 lit. b GDPR. If necessary, some conversation sections are recorded via audio clips. You will be informed in good time prior to the recording and asked whether you agree with the recording. Payment information is expressly excluded from the recording.

16. Contact and customer management

Our registration and contact service allows you to contact us and register for our services. For this, we use services from Salesforce.com Inc, Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (“Salesforce.com”). In the course of the registration or contact recording process, the following personal data will be collected and stored at Salesforce.com:

- Title,

- First name,

- Surname,

- Company,

- Email address,

- Phone number and

- Free text with potentially additional personal data.

This personal data is treated confidentially. Salesforce.com operates a so-called CRM System (Customer Relationship Management System). Your personal data is required for us in order to contact you as well as for the contract and service administration with our customers. Salesforce.com stores your personal data in a European data centre. Transferring your personal data to a receiving country outside of the European Union – for example in the USA – is not intended. The processing of your data takes place on the basis of Art. 6 Para. 1 lit. f GDPR.

For more information on data processing by Salesforce.com, please refer to the Data Protection Declaration of Salesforce.com at: https://www.salesforce.com/de/company/privacy/

17. Use of Pardot

We use the Pardot Marketing Automation System (“Pardot MAS”) from Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA (“Pardot”). Pardot is a Salesforce software module for recording and evaluating the use of a website by website visitors. Personal data provided voluntarily are first stored in Pardot and then processed with the Salesforce CRM system for contact purposes and/or for sending information. Salesforce does not store any IP addresses, but instead uses the individual assignment features “unique visitor ID” and “unique identifier”. No connection between such features and a person’s identity can be made.

When you visit our website, the PARDOT MAS records your click path and from it creates an individual usage profile using a pseudonym. For this purpose, cookies are used that enable the recognition of your browser. The cookies set are a “visitor cookie” and a “Pardot app session 5 cookie”. An identification number is generated via the “visitor cookie” and this number is used to recognise the website visitor’s browser. The identification number is a generated number code that has no meaning whatsoever outside of Pardot Services. The “Pardot app session cookie” is only set if a customer logs into the Pardot app as a user. All cookies only receive the generated number code.
For general information on cookies and their administration (e.g. consent), please refer to Clause 19 of this data privacy notice.

In addition to the procedure described in Clause 19 (consent via the consent banner), you can also prevent participation in this tracking procedure as follows: configure your Internet browser so that cookies from the domain “pardot.com” are not accepted.
E-mails sent using Pardot use tracking technologies. We use these data to find out which topics are of interest to you by tracking whether our e-mails are opened and which links you click. We then use this information to improve the e-mails which we send you and the services we provide.
When Pardot is used, data are transferred to the USA. Pardot is subject to the binding corporate rules of the Salesforce Group. These rules have been reviewed and approved by European data privacy authorities. Pardot is therefore obliged to maintain a high level of data privacy at all times.

18. Transmission of location data and Google Maps

(1) After logging into our mobile app or our website, laundry rooms will be displayed to you on an interactive map in your area. You can only use this function after you have agreed via a pop-up that we can collect your location data for the purposes of rendering services using GPS and your IP address. You can allow or revoke the function at any time in the settings of the mobile app or your browser.

(2)After logging in to our website or our mobile app, you will be shown a Google Maps map on the home page. We use Google Maps API applications for this. This allows us to show the interactive map directly in our app or our website and enables you to use the map function conveniently. This application is required for the functionality and provision of our contents and services. We use Google Maps to display the respective location of the laundry rooms.

(3) By visiting the website, Google receives the information that you have accessed the corresponding sub-page of our website. In addition, the data listed under Clause 3 of this data protection declaration will be transmitted. This is done irrespective of whether Google provides a user account with which you are logged in or whether there is no user account. If you are logged into Google, your data will be assigned directly to your account. If you do not wish to assign your profile at Google, you must log out before activating the button. Google stores your data as a usage file and uses it for purposes of advertising, market research and/or design of its website in accordance with requirements. Such an analysis is carried out in particular (even for users not logged in) in order to provide advertising in accordance with requirements and to inform other users of the social network about your activities on our website. You have a right to object to the formation of these user profiles, wherein you must contact Google in order to exercise this right. You can use the Google Terms of Use under: https://policies.google.com/terms?hl=de see You can find the additional terms of use for Google Maps/Google Earth at: https://maps.google.com/help/terms_maps. There, you will also receive additional information on your rights and settings to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

19. Cookies

(1) We use cookies on our website and in our mobile app. Cookies are small text files that are stored on your hard drive and are assigned to the browser used by you or your operating system and in doing so provide us with certain information.

We also use so-called counting pixels. When you visit our website, image or text files are retrieved that allow us to obtain specific information and, in particular, to track your usage behaviour on our website. Counting pixels differ from cookies technically, in particular, but they also require consent, if necessary. In this respect, the term “cookies” in this Data Protection Declaration also includes pixels.

There are first-party and third-party cookies. They are first-party cookies if they are set by the operator of the website as the controller for the processing of data or by a data processor engaged by the controller. Third-party cookies are set and read by other controllers, i.e. not by the website operator or its data processors.

There are also transient and persistent cookies. Transient cookies are cookies that are automatically deleted when you close your browser. Persistent cookies remain on the device for a specific period of time even after the browser is closed.

Depending on the function, cookies are either consent-free or require consent. Consent-free cookies are those that are absolutely necessary so that the provider of a service can render the service desired by the user. Furthermore, cookies are also consent-free if they only serve to carry out the transfer of information within an electronic communication network. Other cookies are cookies that require consent.

If and to the extent to which consent is required for the use of certain cookies, these cookies will only be set if you have consented to this. We display a so-called “consent banner” to you on our website. By pressing the button provided, you can consent to the use of all cookies listed in this Data Protection Declaration. You can also perform a custom selection of cookies by checking the “Preferences”, “Statistics”, and “Marketing” boxes. You can also change the selections you have made at a later time. This can be done in the settings of the website.

We will also store your consent and your selection as cookies so that we can determine whether and to what extent you have already granted consent.

Name: CookieConsent (first-party cookie)
Requires consent: no
Persistent: 12 months

You can also manage the use of cookies via your browser. Different browsers offer various methods for configuring the cookie settings in the browser. For more detailed information on this, see for example http://www.allaboutcookies.org/ge/cookies-verwalten/.

We would like to point out that you may not be able to use all functions of our website if you deactivate all cookies or, for example, absolutely necessary cookies.

For information on the cookies we use please see our cookie declaration at https://we-wash.com/en/cookie-declaration/

20. Google Analytics

On our website we use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses “cookies”, i.e. Text files that are stored on your device and enable analysis of the use of our services by you. The information generated by the cookie about your use of our services is usually transmitted to a Google server in the USA and stored there. Through the activation of IP anonymisation on our website and in our mobile app, your IP address will be shortened beforehand by Google, however, within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of WeWash, Google will use this information to evaluate your use of our services in order to compile reports about the app and website activities and to provide additional services connected with the app and website use and internet use to WeWash. The IP address transmitted by your device within the framework of Google Analytics is not merged with other data from Google.

Name: _ga (first-party cookie)
Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Requires consent: yes
Persistent: 24 months

Name: _gat (first-party cookie)
Purpose: Is used by Google Analytics to restrict the demand rate
Requires consent: yes
Persistent: 24 hours

Name: _gid (first-party cookie)
Purpose: Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
Requires consent: yes
Persistent: 24 hours

For general information on cookies and their administration (e.g. consent), please refer to Clause 19 of this Data Protection Declaration.

In addition to the procedure described in Clause 19 (consent via the consent banner), you can prevent participation in this tracking method as follows: You can prevent the storage of cookies by adjusting your browser software; however, we point out that in this case you may not be able to use all functions of this website in full. You can also prevent the collection of data generated by the cookie and related to your use of the website (incl. your IP address) to Google and the processing of this data by Google by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout?hl=de).

We use Google Analytics to analyse and regularly improve the use of our services. We can improve our offering through the statistics obtained and make it more interesting for you as a user.

Google has submitted to the EU-US Privacy Shield for the exceptional cases in which personal data is transferred to the USA, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 Sentence 1 lit. a GDPR.

For more information on terms of use and data protection, see https://www.google.com/analytics/terms/de.html or under https://www.google.de/intl/de/policies/. We would like to point out that Google Analytics has expanded the code “ga(‘set’,‘anonymizeIp’,true)” to ensure an anonymous recording of IP addresses (so-called IP masking). As a result, IP addresses are processed further in shortened form and direct reference to persons can therefore be excluded.

The use of Google Analytics takes place in accordance with the prerequisites on which the German data protection authorities reached agreement with Google. Information from the third-party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: http://www.google.com/analytics/terms/de.html, Overview of data protection: http://www.google.com/intl/de/analytics/learn/privacy.html, as well as the Data Privacy Statement: http://www.google.de/intl/de/policies/privacy

21. Use of Google reCAPTCHA

We use Google ReCAPTCHA to review and avoid interactions on our website by automated or automatic access, in particular by so-called bots. This is a service of Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (Google).

For this, Google collects and analyses from which IP address a request is sent. In addition to your IP address, additional information, in particular for your location, may be collected by Google, which is necessary for this service.

Google has submitted to the EU-US Privacy Shield for the cases in which personal data is transferred to the USA, https://www.privacyshield.gov/EU-US-Framework.

The legal basis is Art. 6 Para. 1 lit. f GDPR. Our legitimate interest lies in the security of our website and in the defence of undesired, automated access in the form by Bots and in avoiding spam.

For more information on data processing by Google, see: https://policies.google.com/privacy?hl=de

22. Use of Google Adwords

(1) We use the service from Google Adwords to draw attention to our attractive offers by means of advertising media (so-called Google Adwords) on external websites. In relation to the data of the advertising campaigns, we can determine how successful the individual advertising measures are. We are therefore interested in displaying to you advertising that is of interest to you to make our website more interesting and to achieve a fair calculation of advertising costs.

(2) These advertising media are delivered by Google via so-called “ad servers”. For this purpose, we use ad server cookies to measure the specific parameters for success measurement, such as Display of the advertisements or clicks by the users. If you access our website via a Google ad, a cookie is stored on your PC by Google Adwords. These cookies generally lose their validity after 30 days and should not serve to identify you personally. As analysis values, the unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (marking that the user no longer wants to be contacted) are usually stored for this cookie.

These cookies enable Google to recognise your internet browser. If a user visits certain pages of the website of an Adwords customer and the cookie stored on his computer has not yet expired, Google and the customer can recognise that the user has clicked on the display and has been forwarded to this page. Each Adwords customer is assigned a different cookie. Cookies cannot therefore be traced across the websites of Adwords customers. We do not collect and process any personal data in the aforementioned advertising measures ourselves. We only receive statistical evaluations from Google. Based on these evaluations, we can recognise which of the advertising measures used are particularly effective. We do not receive further data from the use of the advertising media, in particular we cannot identify users based on this information.

Name: pagead/1p-user-list/# (third-party cookie)
Requires consent: yes
Transient

Name: _gcl_au
Requires consent: yes
Persistent: 3 months

For general information on cookies and their administration (e.g. consent), please refer to Clause 19 of this Data Protection Declaration.

(3) Due to the marketing tools used, your browser automatically establishes a direct connection to the Google server. We have no influence on the scope and further use of the data that is collected by Google through the use of this tool and therefore inform you in accordance with the our knowledge: By integrating AdWords Conversion, Google receives the information that you have called up the corresponding part of our website or have clicked on a display from us. If you are registered with a Google service, Google can associate your visit with your account. Even if you are not registered with Google or have not logged in, there is the possibility that the provider will find out and store your IP address.

(4) You can prevent participation in this tracking method in addition to the procedure described in Clause 19 (consent via the consent banner) in different ways a) by a corresponding setting of your browser software, in particular the suppression of third-party cookies results you not receiving any ads from third-party providers; b) by deactivating the cookies for conversion tracking by setting your browser so that cookies from the domain “www.googleadservices.com”, https://www.google.de/settings/ads are blocked, wherein this setting is deleted if you delete your cookies; c) by disabling the interest-related display of the providers which are part of the self-regulatory campaign “About Ads”, via the link http://www.aboutads.info/choices, wherein this setting is deleted if you delete your cookies; d) by permanent deactivation in your browsers Firefox, Internet Explorer or Google Chrome under the link http://www.google.com/settings/ads/plugin. Please note that in this case, you may not be able to use all functions of this offer in full.

(5) The legal basis for the processing of your data is Art. 6 Para. 1 Sentence 1 lit. f GDPR. Further information on data protection at Google can be found here: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org . Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

23. Use of Hotjar

Our website uses Hotjar, an analysis software of Hotjar Ltd. (“Hotjar”), 3 Lyons Range, 20 Bisazza Street, Sliema SLM 1640, Malta. With Hotjar, it is possible to measure and evaluate the usage behaviour on our website in the form of clicks, mouse movements, scroll heights, etc. The information generated by the “tracking code” and “cookie” is transmitted to the Hotjar server in Ireland and stored there.

Name: _hjid (third-party cookie)
Requires consent: yes
Persistent: 1 year

For general information on cookies and their administration (e.g. consent), please refer to Clause 19 of this Data Protection Declaration.

The following data is collected and processed when using Hotjar:

- IP address in anonymised form

- Screen size of your device

- Device type and browser information

- Geographical position (only the country)

- Preferred language

- Date and time of accessing the site

Hotjar stores this information in a pseudonymised user profile. The information is neither used by Hotjar nor by us to identify individual users or merged with additional data about individual users. The legal basis is Art. 6 Para. 1 Sentence 1 lit. a GDPR. For more information, see: https://www.hotjar.com/legal/policies/privacy

In addition to the procedure described in Clause 19 (consent via the consent banner), you can prevent participation in this tracking method as follows: You can object to the storage of a user profile and information about your visit on our website by Hotjar and the setting of Hotjar tracking cookies on other websites via this link: https://www.hotjar.com/legal/compliance/opt-out

24. Use of LinkedIn Tracking and Marketing

On our website, we use the tracking and remarketing technology of the LinkedIn platform. With this technology from LinkedIn, you are shown more relevant advertising based on your interests. If you have given your consent, cookies will be set that create in particular an individual visitor ID and will be saved on your device. Within the LinkedIn platform, this visitor ID can be recognised. It can be used to display our advertising to you.

We also receive anonymous reports aggregated by LinkedIn of advertising activities and information about how you interact with our website.

Name: bcookie (third-party cookie)
Requires consent: yes
Persistent: 24 months

Name: bscookie (third-party cookie)
Requires consent: yes
Persistent: 24 months

Name: lidc (third-party cookie)
Requires consent: yes
Persistent: 1 day

Name: UserMatchHistory (third-party cookie)
Requires consent: yes
Persistent: 29 days

Name: lang (third-party cookie)
Zweck: Saves the language version of a website selected by the user.
Requires consent: yes
Transient

Name: lang (third-party cookie)
Zweck: Set by LinkedIn if a webpage contains an embedded “Follow us” window.
Requires consent: yes
Transient

Name: LinkedIn-Pixel
Requires consent: yes
Transient

For general information on cookies and their administration (e.g. consent), please refer to Clause 19 of this Data Protection Declaration.

In addition to the procedure described in Clause 19 (consent via the consent banner), you can prevent participation in this tracking method as follows: You can also generally object to the analysis of your usage behaviour by LinkedIn as well as the display of interest-based recommendations by contacting LinkedIn (“Opt-Out”); to do this, click on the “Reject on LinkedIn” field (for LinkedIn members) or “Reject” (for other users) at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Further information on data protection at LinkedIn can be found here:  https://www.linkedin.com/legal/privacy-policy#choices-oblig.

25. Use of Sentry

We use the open source software Sentry (https://github.com/getsentry) to maintain the stability, security and optimisation of our service. To this end, error messages and crash reports are transmitted to us, containing only anonymous or anonymised details of the device, browser and usage data that help us recreate the error.

This only happens with your consent, which you can grant or revoke during registration or in the profile settings after you log in“

We run Sentry with our hosting service provider on German servers (see “Hosting Service”). No transfer to third countries or other parties takes place. The data collected will be used exclusively for the purposes stated in this paragraph and will be deleted after 90 days.

26. Newsletter

If you opt for our newsletter service, we will inform you about our current offers via the email address you stipulated. You can only receive the newsletter if you specify a valid email address. For legal reasons, a confirmation email in the double opt-in procedure is sent to the e-mail address entered by you for the first time for the newsletter dispatch. This confirmation email serves to check whether you have actually authorised the receipt of the newsletter as the holder of the e-mail address.

When registering for the newsletter, we also save the IP address assigned by the Internet Service Provider (ISP) to the computer system used by the data subject as well as the date and time of the registration. The collection of this data is necessary in order to be able to understand the (possible) misuse of the e-mail address of a data subject at a later point in time and therefore serves the legal protection of the person responsible for processing. The legal basis for the collection of your data and the sending of the newsletter is your consent pursuant to Art. 6 Para. 1 lit. a GDPR.

The personal data collected in the context of a registration to the newsletter will be used exclusively to send our newsletter. In addition, subscribers of the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service, e.g. in the event of changes to the newsletter service or in the change of the technical circumstances.

The newsletter is sent via “MailChimp”, a newsletter dispatch platform of the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses and data further described under this clause are stored on the servers of MailChimp in the USA. MailChimp uses this information for shipping and for the evaluation of the newsletter on our behalf. In addition, MailChimp can use this data to optimise or improve its own services, e.g. for technical optimisation of the shipping and presentation of the newsletter or for economic purposes to determine from which countries the recipients come from. However, MailChimp does not use the data of our newsletter recipients to write to them themselves or to forward them to third parties.

We trust the reliability and IT and data security of MailChimp. MailChimp is certified under the US EU data protection agreement “Privacy Shield” and agrees to comply with the EU data protection requirements. In addition, we have concluded a contract for order processing with MailChimp. This is a contract in which MailChimp is obliged to protect the data of our users in accordance with our data protection provisions on our behalf and in particular not to pass it on to third parties. You can view the data privacy policy of MailChimp view under the following link: https://mailchimp.com/legal/privacy/

If you do not wish to receive any more newsletters from us later, you can object to this at any time without incurring any costs for this other than the transmission costs according to the basic rates. A notification in text form (e.g. e-mail, letter) to d dataprotection@we-wash.comor the contact data specified in Clause 32 is sufficient for this.

27. Transfer of data to third parties

The transmission of your personal data to third parties for purposes other than those listed below does not take place. We only forward your personal data to third parties if:

- you have given your explicit consent to this in accordance with Art. 6 Para. 1 Sentence 1 lit. a GDPR,

- the disclosure pursuant to Art. 6 Para. 1 Sentence 1 lit. f GDPR is required for asserting, exercising or defending legal claims and is not a reason for which you have a disproportionate interest in the non-disclosure of your data,

- in the case that there is a legal obligation for the disclosure under Art. 6 Para. 1 Sentence 1 lit. c GDPR, as well as

- this is legally permissible and is required in accordance with Art. 6 Para. 1 Sentence 1 lit. b GDPR for the handling of contractual relationships with you.

28. Your rights as a data subject

(1)   Right to confirmation

You have the right to request confirmation of whether personal data relating to you is processed.

(2) Right to information

In accordance with Art. 15 GDPR, you have the right to receive free information about your stored personal data and a copy of this information at any time. Furthermore, you are entitled to information about the following:

- processing purposes;

- the categories of personal data processed;

- if possible, the planned duration for which the personal data is stored or, if this is not possible, the criteria for determining this duration;

- the existence of a right to rectification or deletion of the personal data relating to you or to restrict processing by the controller or a right of objection against this processing;

- the existence of a right of complaint to a supervisory authority;

- if the personal data is not collected from the data subject: all available information about the origin of the data;

- the existence of automated decision-making including profiling according to Article 22 1 and 4 GDPR and — at least in these cases — meaningful information about the involved logic as well as the scope and the desired effects of such processing for the person concerned.

In addition, you are entitled to information on whether your personal data was transmitted to a third country or an international organisation. If this is the case, then you are entitled to receive information about the appropriate safeguards in connection to the transmission.

(3)    Right to rectification

Pursuant to Art. 16 GDPR, you have the right to demand immediate rectification of the incorrect personal data. In addition, you are entitled to demand the completion of incomplete personal data, including via a supplementary declaration, taking into account the purposes of processing.

(4)    Right to delete (right to be forgotten)

In accordance with Art. 17 GDPR, you have the right to demand that the personal data relating to you be deleted immediately, provided that any of the following applies and if processing is not required:

- Personal data was collected for such purposes or processed in any other way for which they are no longer necessary

- You have revoked your consent to the processing in accordance with Art. 6 1 lit. a GDPR or Art. 9 Para. 2 Letter a GDPR and there is a lack of a legal basis elsewhere for processing.

- In accordance with Art. 21 1 GDPR, you submit an objection to the processing and there are no priority justified reasons for processing or you are obliged to submit the processing in accordance with Art. 21 Para. 2 GDPR.

- Personal data was processed unlawfully.

- The deletion of personal data is required in order to fulfil a legal obligation under Union law or the law of member states.

- Personal data was collected in relation to services offered by the information company in accordance with Art. 8 (1) GDPR.

(5)   Right to restrict processing

According to Art. 18 GDPR, you have the right to demand the restriction of processing if one of the following conditions is met:

- The accuracy of your personal data is disputed by you for a duration that allows us to verify the accuracy of your personal data.

- Processing is unlawful, but you reject the deletion of personal data and instead demand the restriction of the use of your personal data.

- We no longer need your personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims.

- You have filed an objection against the processing pursuant to Art. 21 1 GDPR, and it is not yet clear which interests outweigh.

(6)     Right to data portability

Pursuant to Art. 20 GDPR, you have the right to receive your personal data collected by us in a structured, common and machine-readable format and can transmit these to another controller within the meaning of Art. 4 No. 7 GDPR, as long as processing is based on consent pursuant to Art. 6 Para. 1 lit. a GDPR or Art. 9 Para. 2 Letter a GDPR or in a contract according to Art. 6 Para. 1 lit. b GDPR and the processing is done by means of automated procedures. This right does not apply to processing that is required for the exercise of a task which is in public interest or takes place in the exercise of public authority which has been transferred to us.

In addition, when exercising your right to data portability, you have the right to obtain your personal data directly from another controller to the extent that this is technically feasible and if the rights and freedoms of other persons are not impaired by this.

(7)    Right to appeal

You have the right to object to the processing of your personal data at any time against the processing of your personal data, which is done based on Art. 6 Para. 1 lit. e or Letter f GDPR. This also applies to profiling based on these provisions.

In the event of the objection, we do not process your personal data unless there are protectable reasons for processing that outweigh your rights and freedoms. Processing is also possible if it serves to assert, exercise or defend legal claims.

If we process your personal data for the purpose of direct advertising, you have the right to object to processing for the purposes of such advertising at any time. This also applies to profiling, insofar as it is associated with such direct advertising.

(8)   Automated decisions in individual cases including profiling

You have the right not to be subject to a decision based solely on an automated processing — including profiling — which is legally valid towards you, or which considerably impairs you in a similar way if the decision (i) is not necessary for the conclusion or the fulfilment of the contractual relationship existing with us, or (ii) is permissible on the basis of legal provisions and these legal provisions include appropriate measures to uphold your rights and freedoms or (iii) is done with your explicit consent.

If the decision (i) is required for the conclusion or fulfilment of the contractual relationship between us or (ii) if it is done with your express consent, we will take appropriate measures to protect your rights and freedoms as well as your legitimate interests.

(9) Right to revoke a data protection consent

You can revoke your consent to the processing of your personal data at any time.

To exercise your rights listed under this clause, you can contact us by e-mail at any time at dataprotection@we-wash.com or via the contact details specified in Section 32.

29. Data minors

Non-adult persons should not transmit personal data to us without the consent of the parents or guardians. Persons under 16 years of age cannot give consent to the processing of their personal data without the consent of their parents.

30. Links to other websites

Our online offering contains links to other websites. We do not have any influence over their operators complying with the data protection provisions.

31. Change of our privacy policy

An adjustment of the data protection notification takes place insofar as this is necessary in order to reflect data protection relevant changes to our services in the data protection notification, e.g. in the introduction of new services or to meet the current legal requirements.

32. Contact details

WeWash GmbH
Sendlinger-Tor-Platz 10
80336 Munich
Email: dataprotection@we-wash.com

Data Protection Officer: Timo Epp