Stand 19.02.2026
Privacy Policy for the website Water-i.d.® GmbH
General
We take the protection of personal data very seriously. We treat personal data confidentially and in accordance with statutory data protection regulations, as well as on the basis of this privacy policy. The legal basis can be found in particular in the General Data Protection Regulation (GDPR) and, in addition, in the Federal Data Protection Act (BDSG) and the Telecommunications and Digital Services Data Protection Act (TDDDG).
When you use our website, various types of personal data are processed depending on the nature and extent of your use. Personal data is information relating to an identified or identifiable natural person (hereinafter referred to as the 'data subject'); an identifiable natural person is one who can be identified, directly or indirectly (e.g. by association with an online identifier). This includes information such as name, address, telephone number and date of birth.
In principle, you are not obliged to provide us with your personal data. However, if you do not do so, we will not be able to make our website available to you without restriction or respond to your enquiries. Personal data that we do not strictly require for the aforementioned processing purposes is marked accordingly as voluntary information.
This privacy policy informs you, in accordance with Article 12 et seq. of the GDPR, about how your personal data is handled when you use our website. In particular, it explains what data we collect, how we do so and why we need the data.
Data Controller
The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data (e.g. name, email address, etc.). The controller within the meaning of the GDPR and the applicable national data protection laws (in particular the BDSG) as well as other data protection regulations is:
Water-i.d. GmbH
Daimlerstr. 20
76344 Eggenstein-Leopoldshafen
Germany
T: +49 (0) 721 - 78 20 29 – 0
E: info@water-id.com
Data Privacy Officer
Robin Rastetter
Water-i.d. GmbH
Daimlerstraße 20
76344 Eggenstein-Leopoldshafen
Germany
0721/782029-17
Data processing on our website
Accessing and visiting the website (server log files)
For the purpose of the technical provision of the website, it is necessary for us to process certain information automatically transmitted by your device. This information is collected each time our website is accessed and stored in so-called server log files. This includes:
- IP address of the requesting device
- Date and time of access
- Access status
- Amount of data transferred in bytes
- Browser type, operating system, interface, browser language, browser software version
- Referrer URL
- Content of the request or details of the file accessed, which was transmitted to the user
The personal data collected is stored for a maximum of 14 days.
Where you use our website to find out about our range of products and services or to use them, the legal basis for the temporary storage and processing of access data is Article 6(1)(b) GDPR and Section 25(2) TDDDG, which permits the processing of data for the performance of a contract or for the implementation of pre-contractual measures. In addition, Article 6(1)(f) GDPR and Section 25(2) of the TDDDG serve as the legal basis. Our legitimate interest in this regard is to be able to provide you with a technically functional and user-friendly website, as well as to ensure the security of our systems.
We work with an external service provider for this purpose. We store our hosting data on a root server with the responsible service provider:
netcup GmbH
Emmy-Noether-Straße 10
76131 Karlsruhe, GERMANY
We have concluded a data processing agreement with netcup GmbH in accordance with Article 28 (3) GDPR. You can find netcup GmbH's privacy policy at https://www.netcup.com/de/kontakt/datenschutzerklaerung.
Cookies
General
We use so-called "cookies" on our website. Cookies do not cause any damage to your computer and do not contain viruses. Cookies serve to make our website more user-friendly, effective and secure, as well as to enable the provision of certain functions. Cookies are small text files that are stored on your computer and saved by your browser. A cookie contains a unique string of characters that enables your browser to be uniquely identified when you visit the website again.
We use the following cookies:
Session cookies
- Temporary cookies (e.g. cookies for analytical purposes, plugins, etc.)
Cookies are automatically accepted by most browsers. Cookies can be deleted individually or in their entirety in the respective browser. If you completely disable cookies in your browser settings, this may mean that not all functions of our website are available for you to use.
Session cookies
We use session cookies to determine that you have visited our website and individual pages. Session cookies store a session ID and do not provide any information about your identity. The information is deleted as soon as you close your browser. Session cookies ensure the technical functionality of the website and enable a user-friendly design. Session cookies store a 'session ID' and an 'XRSF token' to assign requests to an active session and to protect against cross-site attacks.
Temporary cookies
Some of the cookies we use on our website are provided by third parties who help us analyse the impact of our website content and the interests of our visitors, measure the performance of our website, or place targeted advertising and other content on our website or other websites.
Legal basis
Cookie-based data processing is primarily carried out on the basis of the consent you have given in accordance with Article 6(1)(a) GDPR and Section 25(1) of the TDDDG. In addition, Article 6(1)(c) GDPR, Section 25(2) TDDDG and Article 6(1)(f) GDPR, Section 25(2) of the TDDDG serve as the legal basis. Our legitimate interest in this regard is to be able to provide you with a technically functional and user-friendly website, as well as to ensure the security of our systems.
Contact
Where you contact us within the framework of an existing contractual relationship or contact us in advance to obtain information about our range of services or our other services, the data and information you provide will be processed for the purpose of processing and responding to your contact enquiry in accordance with Article 6(1)(b) GDPR (performance of a contract). Otherwise, data processing is carried out to safeguard our legitimate interests in accordance with Article 6(1)(f) GDPR for the purpose of responding appropriately to customer and contact enquiries. If you have given us your consent, data processing is based on Article 6(1) (a) GDPR.
Contact form
If you send us enquiries via the contact form, your message, including the contact details you provide there, will be stored by us and processed accordingly for the purpose of processing and responding to the enquiry, as well as in the event of follow-up questions. We do not pass this data on to third parties unless this is necessary in the context of processing and responding to your contact enquiry or you have given us your consent to do so.
To process and respond to your enquiry, we generally process the following personal data from you:
- Email address
- First name and surname
- Any personal data provided proactively (message field)
Contact via telephone and email
If you send us enquiries by email, telephone or fax, your message, including the personal data you have provided (name, email address, telephone number, fax number, etc.), will be stored by us and processed accordingly for the purpose of processing and responding to the enquiry, as well as in the event of follow-up questions. We do not pass this data on to third parties unless this is necessary in the context of processing and responding to your enquiry or you have given us your consent to do so.
E-Mail-Versand
Für den Versand von E-Mails nutzen wir Microsoft Graph-API, eine Dienstleistung der
Microsoft Ireland Operations Ltd.
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18, IRLAND.
Mit Microsoft Ireland Operations Ltd. haben wir einen Auftragsverarbeitungsvertrag nach Art. 28 Abs. 3 DSGVO geschlossen. Diesen können Sie unter https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA?year=2021 einsehen.
Plugins
Session cookies
We use session cookies. These store a session ID and an XRSF token to enable us to assign requests to the active session and to protect against cross-site attacks.
The legal basis for processing is Article 6(1)(f) GDPR, Section 25(2) of the TDDDG. Our legitimate interest here is to be able to provide you with a technically functional and user-friendly website, as well as to ensure the security of our systems.
Cookie Consent Management
We use our own consent management service (Cookie Consent Management). This service enables us to obtain your consent to the storage of certain cookies and to document and manage this in accordance with data protection regulations. To associate the consents given or any withdrawal thereof, we store a cookie in your browser. We are the data controller for this service under data protection law and process the following personal data:
- IP address
- the services you have consented to
- Random ID
When you give us your consent, you are assigned a random ID so that we can track and verify your consent under data protection law. Your ID changes with every change to your consent.
Your visitor preference is stored in your browser for 12 months. We store information regarding consents given for 13 months in order to comply with our legal obligation to provide evidence.
The legal basis for this use is Article 6(1)(c) GDPR and Section 25(2) TDDDG, to obtain the legally required consent for the use of certain technologies.
Google Analytics
| Description of the service | Website usage analysis |
|---|---|
| Purposes of data processing | Statistics and website optimization |
| Legal basis | Consent |
YouTube
Wir nutzen Plugins des Social-Media-Diensts „YouTube“ des datenschutzrechtlich verantwortlichen Anbieters
Google Ireland Limited
Gordon House, Barrow Street
Dublin 4, IRLAND.
Auf unserer Website finden Sie an verschiedenen Stellen Videos, die Sie mit Hilfe von YouTube anschauen können. Bei YouTube nutzen wir die sog. „No-Cookie-Funktion“, d.h. es ist der sog. erweiterte Datenschutzmodus aktiviert. YouTube-Videos werden nicht über youtube.com, sondern über youtube-nocookie.com aufgerufen. Dadurch werden keine Cookies auf Ihrem Endgerät gespeichert.
Wenn Sie den Wiedergabe-Button eines eingebundenen Videos anklicken, wird über das Plugin eine direkte Verbindung zwischen Ihrem Browser und dem Google-Server hergestellt. Google erhält dadurch die Information, dass Sie mit Ihrer IP-Adresse unsere Website besucht haben. Sollten Sie gleichzeitig in Ihrem YouTube-Benutzerkonto eingeloggt sein, ermöglichen Sie Google, Ihr Surfverhalten direkt Ihrem persönlichen Profil zuzuordnen. Wünschen Sie dies nicht, loggen Sie sich bitte vor dem Besuch unserer Website aus Ihrem YouTube-Benutzerkonto aus.
Außerdem haben Sie über das YouTube-Logo Zugriff auf unseren offiziellen Videokanal bei YouTube.
Weitere Informationen finden Sie in der Google-Datenschutzerklärung unter: https://policies.google.com/privacy.
Wir erhalten in keinem Fall Kenntnis vom Inhalt der ggf. an Google übermittelten Daten sowie deren Nutzung durch Google.
Die Datenverarbeitung erfolgt auf Grundlage Ihrer Einwilligung (Art. 6 Abs. 1 lit. a DSGVO, § 25 Abs. 1 TDDDG).
Google reCAPTCHA
| Description of the service | Protection against misuse and spam |
|---|---|
| Responsible service | Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland |
| Data protection officer | https://support.google.com/policies/contact/general_privacy_form |
| Purposes of data processing | Protection against misuse and spam |
| Collected data | Browser language, browser plugins, click path, date and time of visit, IP address, user behavior, time spent on a page, user input, device information, mouse movements, geographic location, device operating system |
| Legal basis | Art. 6(1)(a) GDPR |
| Storage duration | 5 months and 27 days |
| Transfer to third countries | Including the USA |
Google Maps
| Description of the service | Virtual map service |
|---|---|
| Responsible service | Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland |
| Data protection officer | https://support.google.com/policies/contact/general_privacy_form |
| Purposes of data processing | Visual display on a map |
| Collected data | Date and time of visit, location, IP address, URL, usage data, search terms, geographic location |
| Legal basis | Art. 6(1)(a) GDPR, Section 25(1) TDDDG |
| Storage duration | Up to 2 years |
| Transfer to third countries | Including the USA |
OpenStreetMap
We use OpenStreetMap, a map service provided by the data controller
OpenStreetMap Foundation
St John’s Innovation Centre
Cowley Road, Cambridge
CB4 0WS, United Kingdom
OpenStreetMap processes the following personal data, amongst other things:
- IP address
- Date and time of access
- Access status
- Amount of data transferred in bytes
- Browser type, operating system, interface, browser language, browser software version
- Website from which the user accessed the site (so-called referrer URL)
- Time difference between the requesting host and the web server,
- Content of the request or details of the file accessed, which was transmitted to the user
Further information can be found in the OpenStreetMap Foundation's privacy policy at: https://wiki.osmfoundation.org/wiki/Privacy_Policy?tid=331731324872.
Die Verarbeitung der personenbezogenen Daten erfolgt auf Grundlage Ihrer Einwilligung (Art. 6 Abs. 1 lit. a DSGVO, § 25 Abs. 1 TDDDG).
Data transfer to third countries
We usually process your personal data in a Member State of the European Union or another signatory state to the Agreement on the European Economic Area (Decision 94/1/EC). Where data is transferred to service providers based outside the EU or the EEA, an adequacy decision pursuant to Article 45 GDPR is in place for the relevant countries (currently: the USA), which ensures a level of data protection in line with the requirements of the GDPR and permits data transfer without specific authorisation. Unless otherwise stated, service providers based in the USA are certified under the applicable EU-US Data Privacy Framework.
Further data processing by external service providers is beyond our control. Your data may be processed in third countries that do not guarantee the same level of protection under data protection law as within the EU. You can find details in the respective privacy policies of the service providers, to which we have provided links.
Duration of data storage
We generally process and store your personal data only for as long as the respective purpose of use requires such storage. This may also include the periods of contract initiation and contract fulfilment. If you have given us your consent for a specific data processing activity, we will store the relevant data for as long as your consent remains valid. Unless otherwise stated, you can find details regarding the duration of the storage of your personal data by third-party providers in the privacy policy of the service provider responsible under data protection law. We have provided links to these where appropriate.
Once the purpose of use has been fulfilled or you have withdrawn your consent, we will delete your personal data immediately, unless statutory retention periods require us to store it for a longer period.
Your rights as a data subject
As a data subject (Art. 4(1) GDPR), you are entitled to the following rights regarding your personal data, subject to the legal requirements:
Right of access
You are entitled at any time, pursuant to Article 15 GDPR, to request confirmation from us as to whether we are processing personal data relating to you. If this is the case, you are also entitled, pursuant to Article 15 GDPR, to obtain information regarding this personal data as well as certain further details (including processing purposes, categories of personal data, categories of recipients, planned storage period, the origin of the data, the use of automated decision-making and, in the case of transfers to third countries, the appropriate safeguards) and to receive a copy of your data. The restrictions of Section 34 of the Federal Data Protection Act (BDSG) apply.
Right to rectification
You are entitled, pursuant to Article 16 GDPR, to request that we rectify the personal data we hold about you if it is inaccurate or incorrect.
Right to erasure
You are entitled, subject to the conditions set out in Article 17 GDPR, to request that we erase personal data concerning you without undue delay. The right to erasure does not apply, inter alia, where the processing of personal data is necessary, for example, to comply with a legal obligation (e.g. statutory retention obligations) or to establish, exercise or defend legal claims. Furthermore, the restrictions of Section 35 of the Federal Data Protection Act (BDSG) apply.
Right to restriction of processing
You are entitled, subject to the conditions set out in Article 18 GDPR, to request that we restrict the processing of your personal data.
Right to data portability
You are entitled, under the conditions set out in Article 20 GDPR, to request that we provide you with the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.
Right to withdraw consent
You may withdraw your consent to the processing of personal data at any time. Please note that the withdrawal only takes effect for the future. Processing carried out prior to the withdrawal is not affected.
To withdraw your consent, an informal notification, e.g. by email to , is sufficient.
Right to object to data processing on the basis of legitimate interest
You are entitled, under the conditions set out in Article 21 GDPR, to object at any time to the processing of your data carried out on the basis of Article 6(1)(f) GDPR (data processing based on a balancing of interests), if there are grounds for doing so arising from your particular situation.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
To withdraw your consent, an informal notification, e.g. by email to , is sufficient.
Right to lodge a complaint with a supervisory authority
Under the conditions set out in Article 77 GDPR, you have the right to lodge a complaint with a competent supervisory authority. In particular, you may lodge a complaint with the supervisory authority responsible for us, the State Commissioner for Data Protection and Freedom of Information in Baden-Wuerttemberg, Tel. 0711/6155410, Email: poststelle@lfdi.bwl.de.
Other enquiries
Our Data Protection Officer is available to assist you with any further questions or concerns regarding data protection. Such enquiries, as well as the exercise of your rights as set out above, should, where possible, be sent by email to .