Privacy Policy

Data protection

We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of Wallis GmbH. The use of the Internet pages of the Wallis GmbH (hereinafter also referred to as "we") is possible without any indication of personal data. However, if a data subject wants to use special services provided by our enterprise via our website, processing of personal data could become necessary. If processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the German Data Protection Regulation (Datenschutz-Grundverordnung - DSGVO), and in accordance with the provisions of the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG). By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this data protection declaration.

As the controller, the Wallis GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can always be subject to security vulnerabilities, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.


I. Definitions

The data protection declaration of Wallis GmbH is based on the terms used by the European Directive and Ordinance Maker when issuing the DSGVO.

We use the following terms, among others, in this privacy policy:


1. Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2. Person concerned

Data subject means any identified or identifiable natural person whose personal data is processed by the controller.


3. Processing

Processing is any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


4. Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.


5 Profiling

Profiling is any form of automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.


6. Pseudonymisation

Pseudonymisation is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.


7. Controller or person responsible for processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.


8. Order processor

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


9. Receiver

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.


10. Third party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.


11. Consent

Consent shall mean any freely given specific and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.


II. Person responsible/ data protection officer

1. The name and address of the controller

The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:


Wallis GmbH

Grüner Deich 15D

20097 Hamburg

Hamburg Local Court HRB 161517

Phone +49 40 23728 - 0

E-Mail: info@wallis.de

2. Name and address of the data protection officer

Herr Rechtsanwalt Dr. Karsten Bornholdt

nbs partners Rechtsanwaltsgesellschaft mbH

Am Sandtorkai 41

20457 Hamburg

Phone.: +49 (0) 40 4419 60-01

E-Mail: datenschutz-wallis@nbs-partners.de

The data protection officer of the data controller can be reached by post at address shown below with the addition of "The data protection officer".

Any data subject may contact our data protection officer directly at any time with any questions or suggestions regarding data protection.


III. Processing of personal data

1. Informative visit to our website

The website of the Wallis GmbH collects a series of general data and information every time a data subject or automated system calls up the website. This general data and information is stored in the log files of the server. The following data may be collected: (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system accesses our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.


When using these general data and information, the Wallis GmbH does not draw any conclusions about the data subject. Rather, this information is needed (1) to deliver the contents of our website correctly, (2) to optimise the contents of our website and the advertising for these, and (3) to ensure the long-term operability of our information technology systems and the technology of our website. This collected data and information is anonymised by Wallis GmbH and processed in this form for the creation of usage statistics.


2. Contacting

You have the option of contacting us by e-mail as well as via a contact form provided on the website. When using the form, you are required to provide your name, a valid email address, a subject and a message. We need this information to know who the enquiry is from and to be able to answer it. In addition, you can tell us your company. The legal basis for the processing of your data is the implementation of pre-contractual measures in response to your enquiry, Art. 6 para. 1 p. 1 lit. b) DSGVO or our overriding legitimate interest pursuant to Art. 6 para. 1 p. 1 lit. f) DSGVO.


2.1 Support-Requests

We also process your personal data as part of customer support if you contact us with a request regarding the AHOI or our sandbox. In doing so, we process the following personal data in particular: first name, last name, e-mail, telephone number and account data. The legal basis for data processing in accordance with this section is Art. 6 (1) lit. a), b) and f) DSGVO.


3 AHOI Sandbox

To use the API, it is necessary to generate a sandbox access. The following information is required to register a private access: Your email address, a password of your choice, your first and last name, your address, postcode and city. You can also voluntarily provide us with your mobile phone number and other address details. You can also voluntarily provide us with further details within the API. In the case of commercial use, we also ask for the purpose of use, your company and your job title as part of the registration process. We use the so-called double-opt-in procedure for registration, i.e. your registration is only completed when you have confirmed your registration via a confirmation e-mail sent to you for this purpose by clicking on the link contained therein. If you do not confirm your registration within 7 days, your registration and your personal data will be deleted from our database. After registering, you will receive your personal Sandbank access along with your user name and PIN. The legal basis for data processing is Art. 6 para. 1 lit. a) and f) DSGVO.


4. Application for cooperation

Teams can apply for cooperation with us on our website using a form. The following data can be entered: company, field of activity of the company, special features of the team, ideas and wishes regarding the cooperation, contact data, contact person, e-mail address, business, number of customers, competitors, business model, challenge. In addition, a pitch deck can be uploaded. All information is voluntary. The legal basis for data processing is the implementation of pre-contractual measures in response to your enquiry, Art. 6 (1) p. 1 lit. b) DSGVO or our overriding legitimate interest pursuant to Art. 6 (1) p. 1 lit. f) DSGVO.


5. Applicants

In the context of an application for employment with us, your data will be stored and processed for the purpose of the possible offer of employment and application management. The following data is particularly relevant in the application process: Name, first name, title, address data, contact data, date of birth, CV, certificates, cover letters. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. b) DSGVO in conjunction with, § 26 para. 1 BDSG.

6. Usage of console.wallis.de

Registration is required to use console.wallis.de and its services. To create a user account, the following information is required: First name, last name, e-mail address. In addition, you can provide us with further information on a voluntary basis. When using console.wallis.de, further information is processed and stored by us in the same way as in section 1 "Informative visit to our website".

Additional services (so-called API) from third parties and third-party providers (so-called API providers) can be obtained via console.wallis.de. For these services, registration / activation of the API provider is usually required. In this case, Wallis will pass on the data you entered during registration on console.wallis.de to the API provider.

The legal basis for the data processing is the handling of a contractual relationship (Art. 6 para. 1 p. 1 lit. b) DSGVO and our overriding legitimate interest pursuant to Art. 6 para. 1 S. 1 lit. f) DSGVO.


IV. Sources

We receive personal data from our contractual partners in the course of our business relationships. In addition, we process personal data that we receive directly from our customers, interested parties, service providers, employees and applicants. Furthermore, we process - to the extent necessary for the provision of a service - personal data that we have received from other group companies or from other third parties in a permissible manner (e.g. for the performance of services, for the fulfilment of contracts or on the basis of consent given by you).


V. Processing purposes and legal bases

Your personal data will only be collected and processed by us if you have consented to the processing (Art. 6 para. 1 p. 1 lit. a) DSGVO), the data processing is required by law (Art. 6 para. 1 p. 1 lit. c) DSGVO), serves the initiation or settlement of a contractual relationship (Art. 6 para. 1 p. 1 lit. b) DSGVO) or the data processing is based on our legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO).

The respective processing purposes can be found in the individual processing activities under III. of this privacy statement.


VI. Disclosure of data to third parties and third-party providers

We will not disclose your personal data to third parties unless you consent to the disclosure, there is a legal obligation to disclose it, it is for the performance of a contract or we can invoke legitimate interests in the economic and effective operation of our business with regard to such disclosure.

VII. Duration of processing and storage of personal data

We process and store your personal data as long as it is necessary for the purposes for which it was collected or otherwise processed, in particular as long as it is necessary for the fulfilment of our contractual and legal obligations. It should be noted that the business relationship may be a continuing obligation that is intended to last for several years.

In the case of data storage for the fulfilment of legal obligations, the following deadlines apply in particular:


  • according to §§ 257 para. 4 HGB, 147 para. 3 AO: 10 years for commercial books and accounting vouchers, beginning with the end of the calendar year in which the last entry was made in the commercial book,

  • according to §§ 257 para. 4 HGB, 147 para. 3 AO: 6 years for commercial letters beginning with the end of the calendar year in which the last entry was made in the commercial book,

  • pursuant to section 8 para. 4 GWG: 5 years for records and other evidence relevant under money laundering law, beginning with the end of the calendar year in which the business relationship ends.


If you have applied to us, we will store your personal data for as long as this is necessary for the decision on your application. Insofar as an employment relationship between you and us does not come about, we may also continue to store the personal data insofar as this is necessary for the defence against possible legal claims. In principle, the application documents are deleted six months after notification of the rejection decision, unless longer storage is necessary (e.g. because an employment relationship has come about or in the event of legal disputes).


VIII. Your data protection rights

You have the following rights against us:


  • Request information about your personal data processed by us, Art. 15 DSGVO. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling;

  • immediately demand the correction of inaccurate or incomplete personal data stored by us, Art. 16 DSGVO;

  • request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims, Art. 17 DSGVO;

  • to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO, Art. 18 DSGVO;

  • To receive your personal data that you have provided to us in a structured, commonly used and machine-readable format and to request the transfer to another controller, Art. 20 DSGVO;

  • revoke your consent once given to us at any time, Art. 7 (3) DSGVO. This has the consequence that we may no longer continue the data processing based on this consent for the future;

  • in the event of an automated decision (profiling), the right to express one's point of view and to challenge the decision, Art. 22(3) DSGVO;

  • complain to a supervisory authority, Art. 77 DSGVO. For this purpose, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters. At our company headquarters, the Hamburg Commissioner for Data Protection and Freedom of Information is generally responsible.


IX. Use of cookies

Cookies are set on our website. Cookies are data packets that are exchanged between the server of the Wallis GmbH website and the visitor's browser. These are stored by the respective devices used (PC, notebook, tablet, smartphone, etc.) when visiting the website. Information is stored in the cookies that arises in each case in connection with the specific end device used.

Some cookies are used to make our website and our services as a whole more user-friendly, effective and secure - for example, to speed up navigation on our site. Cookies are also used to protect access to areas that are not generally accessible. The legal basis for the use of these cookies is Art. 6 para. 1 p. 1 lit. f) DSGVO.

Among other things, we use so-called "session cookies". Session cookies are temporary cookie files that are deleted as soon as you leave the website or expire automatically if you have been inactive for more than 30 minutes, i.e. have not done anything on our website. Session cookies are automatically deleted at the end of your visit to our website.

You have several options to block the use of cookies. In the Content Banner and in your browser settings, you can choose not to allow cookies, to allow cookies to be set only by trusted websites, or to accept cookies only from websites that are actually currently being visited. If you block cookies, you may not be able to access certain areas of this website. However, you can of course use the basic information on our website without using cookies.

The use of cookies that are used for range measurement and advertising purposes only takes place if you have consented to the use of the cookies. The legal basis for the use of these cookies is Art. 6 para. 1 p. 1 lit. a) DSGVO.


X. Use of third-party tools and social media plug-ins

We process your data to place our offers on the market and to obtain information about the use of our website. For these purposes, we cooperate with various service providers to whom we transmit data. We inform you about these individual services in the following. The legal basis for this data processing is your consent, which can be revoked informally at any time, Art. 6 para. 1 S. 1 lit. a) DSGVO. Your revocation only affects future data processing and does not affect the lawfulness of the previous processing.

The appropriate level of data protection when using service providers and processors outside the European Union (EU/EEA) is ensured by compliance with Art. 44 et seq. DSGVO. According to Art. 45 DSGVO, personal data may be transferred to a third country (e.g., the USA) if the EU Commission has decided that the third country in question offers a level of data protection that complies with the DSGVO. The European Commission signed the adequacy decision for the new data protection framework agreement between the U.S. and the European Union (EU) on July 10, 2023. This means the agreement, also known as the Data Privacy Framework, has entered into force. Through the European Commission's adequacy decision, which has now entered into force under Article 45 (3) DSGVO, the Commission has confirmed that the U.S. provides an adequate level of protection for personal data comparable to that provided by the EU. Against this background, the transatlantic data transfer between us and our US service provider can be based on this adequacy decision. The prerequisite is that the US company in question is certified accordingly with the US Department of Commerce. Another legal basis for transatlantic data flows is the conclusion of the standard contractual clauses published by the EU Commission on June 4, 2021 pursuant to Article 46 (2) (c) of the DSGVO and obtaining your consent for transatlantic data transfers pursuant to Article 49 (1) (a) of the DSGVO.

Use of the Webex video conferencing tool

If you make an appointment for a web/telephone conference with us, you will receive an invitation e-mail with access data to an online meeting of the service provider Cisco Systems Inc. (hereinafter "Cisco"), 170 West Tasman Drive, San José, California, 95134 USA. We use the video conferencing tool Cisco Webex Meetings (hereinafter "Webex") to conduct the conference call. You can participate via the Webex app, via telephone or via the browser. If you use the app, you join by entering the respective meeting ID and, if necessary, other access data for the meeting (e.g. password) in the app. If you are not using the app, you can also use the basic functions via a browser version.

To create the online meeting, the data you enter will be passed on to the service. When conducting video conferences via Webex, your display name, the email address you enter, the browser you use and your IP address are processed. If you participate by telephone, your telephone number will also be processed. If you participate in a meeting via the Webex app with your account, you have the option of using a pseudonym as a display name instead of your name before entering the meeting room.

A corresponding order processing agreement was concluded with the company Cisco. Please also note the provider's data protection information. This can be found at: https://www.cisco.com/c/de_de/about/legal/privacy-full.html.

The legal basis for data processing is the execution of a (pre-contractual) contractual relationship (Art. 1 p. 1 lit. b) GDPR) and our overriding legitimate interest in the effective conduct of an online meeting, Art. 6 para. 1 p. 1 lit. f) GDPR.


XI. Corporate presences in social media

We operate a company presence in the following social networks:


  • Linkedin

  • (X) Twitter

  • Xing


in order to be able to communicate with the customers, interested parties and users active there (hereinafter also jointly: "visitors") and to inform them about our projects and services.

We cannot trace which user data the social networks collect. We have no influence on the data processing that takes place for this purpose, cannot prevent it and also do not gain access to the underlying data. We also do not have full access to your profile data. We can only see the public information of your profile. You decide on the specific public information in each case in your settings in the respective social network.

We only receive anonymous statistics from the social networks. We use these statistics, from which we cannot draw any conclusions about individual users, to constantly improve our online offer in the social networks and to better respond to the interests of visitors. We cannot link the statistical data with the profile data of our visitors. The legal basis for the use of the statistical data is Art. 6 para. 1 p. 1 lit. f) DSGVO.

We receive your personal data via the social networks if you actively communicate this to us via a personal message. We use your data (e.g. first name, last name, user name, e-mail address) to respond to your request. Your data will be stored until this purpose is fulfilled. The legal basis for processing in the case of an active approach by you is your consent in the sense of Art. 6 Para. 1 S. 1 lit. a) DSGVO. If your message is in connection with a (pre)contractual relationship with us, the legal basis for data processing is Art. 6 para. 1 p. 1 lit. b) DSGVO.

In the case of requests for information and the assertion of user rights, we point out that these can be asserted most effectively with the providers. This is because only they have access to the complete information and data of the users.

Insofar as we receive personal data from you via a social network, this is processed under joint responsibility with the respective social network.

We would like to point out that personal data may be processed in the USA when using the social networks. The data transfer to the USA therefore takes place on the basis of the adequacy decision of the European Commission pursuant to Art. 45 (3) DSGVO, on the basis of the concluded standard contractual clauses published by the EU Commission on June 4, 2021, pursuant to Art. 46 (2) lit. c) DSGVO or by way of obtaining your consent to the transatlantic data transfer pursuant to Art. 49 (1) lit. a) DSGVO.

Information about the data collection and further processing by the social networks can be found in the links below.


Linkedin

LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Irland, ein Tochterunternehmen der LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA.

https://www.linkedin.com/legal/privacy-policy


X (Twitter)

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland

https://twitter.com/de/privacy


XING

New Work SE, Am Strandkai 1, 20457 Hamburg, Germany https://privacy.xing.com/de/datenschutzerklaerung


XII. Necessity of providing data

In the context of using the website and its functions, you must provide us with the personal data that is required for the respective use and/or that we are legally obliged to collect, Art. 13 para. 2 lit. e) DSGVO. Without this data, it will generally not be possible to use the functions, request our services or contact us.


XIII. Existence of automated decision making

As part of the use of our website, no fully automated decision-making (profiling) takes place in accordance with Art. 22, Art. 13 para. 2 lit. f), Art. 14 para. 2 lit. g) DSGVO. Should we use these procedures in individual cases, we will inform you of this separately, insofar as this is required by law.


XIV Amendment to the Privacy Policy

This data protection declaration is valid as of December 2023. Due to the further development of our website and offers or due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access and print out the current data protection declaration at any time at https://s-wallis.de/de/privacy.


Information about your right to object according to Art. 21 DSGVO

1. Right to object on a case-by-case basis

At any time you have the right to object, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6 (1) sentence 1 lit. e) or f) DSGVO; this also applies to profiling used on the basis of this provision within the meaning of Art. 4 (4) DSGVO.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.


2. Right to object to the processing of data for advertising purposes

In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

If you object to processing for these purposes, we will no longer process your personal data for these purposes.


3. The right to object to processing for scientific or historical research purposes or for statistical purposes

You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or historical research purposes or for statistical research purposes pursuant to Article 89(1) DSGVO, unless the processing is necessary for the performance of a task carried out in the public interest.