Privacy Policy

We inform you below in accordance with the statutory provisions of data protection law (in particular the German Federal Data Protection Act (BDSG n.F.) and the European General Data Protection Regulation “GDPR”) about the nature, scope and purpose of the processing of personal data by our company. This privacy policy also applies to our websites and social media profiles. For definitions of terms such as “personal data” or “processing,” we refer to Art. 4 GDPR.

Name and Contact Details of the Controller

Our controller (hereinafter referred to as the “Controller”) within the meaning of Art. 4 No. 7 GDPR is:

Two West GmbH
Krackser Straße 12
33659 Bielefeld
Managing Director: Christine Gaebel-Stodiek
Commercial Register/No.: HRB 42027
Register Court: Bielefeld
Phone: +49 521 3292 0220
Email: kontakt@twowest.de

Types of Data, Purposes of Processing and Categories of Data Subjects

Below we inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. Types of data we process

Contact data (telephone number, email, fax, etc.), content data (text entries, videos, photos, etc.)

2. Purposes of processing pursuant to Art. 13(1)(c) GDPR

Technical and economic optimization of the website, optimization and statistical evaluation of our services, support for the commercial use of the website, user-friendly design of the website, economic operation of advertising and the website, marketing / sales / advertising, prevention of spam and misuse, handling contact inquiries, provision of websites with functions and content, security measures

3. Categories of data subjects pursuant to Art. 13(1)(e) GDPR

Visitors/users of the website

The data subjects are collectively referred to as “users.”

Legal Bases for the Processing of Personal Data

Below we inform you about the legal bases for the processing of personal data:

  1. If we have obtained your consent for the processing of personal data, Art. 6(1) sentence 1 lit. a GDPR is the legal basis.
  2. If the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures taken at your request, Art. 6(1) sentence 1 lit. b GDPR is the legal basis.
  3. If the processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory retention obligations), Art. 6(1) sentence 1 lit. c GDPR is the legal basis.
  4. If the processing is necessary to protect vital interests of the data subject or another natural person, Art. 6(1) sentence 1 lit. d GDPR is the legal basis.
  5. If processing is necessary for the purposes of our legitimate interests or those of a third party, and your interests or fundamental rights and freedoms do not override these interests, Art. 6(1) sentence 1 lit. f GDPR is the legal basis.

Disclosure of Personal Data to Third Parties and Processors

As a rule, we do not disclose your data to third parties without your consent. If this does occur, the disclosure is based on the aforementioned legal bases, for example when transferring data to online payment providers for contract fulfillment, due to a court order, or because of a legal obligation to disclose data for the purposes of criminal prosecution, averting danger, or enforcing intellectual property rights.

We also use processors (external service providers, e.g. for hosting our websites and databases) to process your data. If data is passed on to processors within the framework of a data processing agreement, this is always done in accordance with Art. 28 GDPR. We carefully select our processors, monitor them regularly, and have secured the right to issue instructions regarding the data. In addition, the processors must have implemented appropriate technical and organizational measures and must comply with the data protection regulations in accordance with BDSG n.F. and GDPR.

Data Transfer to Third Countries

With the adoption of the General Data Protection Regulation (GDPR), a uniform basis for data protection in Europe has been established. Your data will therefore primarily be processed by companies for which the GDPR applies. Should processing by third-party services outside the European Union or the European Economic Area nevertheless take place, these must meet the special requirements of Art. 44 et seq. GDPR. This means that processing is carried out on the basis of special guarantees, such as an officially recognized determination by the EU Commission of a level of data protection equivalent to that of the EU, or compliance with officially recognized specific contractual obligations, the so-called “Standard Contractual Clauses.”

If, due to the invalidity of the so-called “Privacy Shield,” we obtain your explicit consent for the transfer of data to the USA pursuant to Art. 49(1) sentence 1 lit. a GDPR, we point out the risk of access by US authorities and the possible use of the data for monitoring purposes, potentially without legal remedies for EU citizens.

Deletion of Data and Storage Duration

Unless expressly stated otherwise in this privacy policy, your personal data will be deleted or blocked as soon as the consent you have given for processing is withdrawn or the purpose for storage no longer applies, or the data is no longer required for the purpose, unless further storage is necessary for evidentiary purposes or statutory retention obligations prevent deletion.

This includes, for example, commercial retention obligations for business correspondence pursuant to § 257(1) HGB (6 years) and tax retention obligations pursuant to § 147(1) AO (10 years). Once the prescribed retention period expires, your data will be blocked or deleted unless storage is still necessary for the conclusion or fulfillment of a contract.

Existence of Automated Decision-Making

We do not use automated decision-making or profiling.

Provision of Our Website and Creation of Log Files

If you use our website for informational purposes only (i.e. without registration and without otherwise transmitting information), we only collect the personal data that your browser transmits to our server.

If you wish to view our website, we collect the following data:

  • IP address
    • User’s internet service provider
    • Date and time of access
    • Browser type
    • Language and browser version
    • Content accessed
    • Time zone
    • Access status/HTTP status code
    • Amount of data transferred
    • Websites from which the request originates
    • Operating system

This data is not stored together with other personal data relating to you.

This data is used for the purpose of providing a user-friendly, functional and secure delivery of our website and its content, as well as for optimization and statistical evaluation.

The legal basis for this is our legitimate interest in data processing pursuant to Art. 6(1) sentence 1 lit. f GDPR.

For security reasons, we store this data in server log files for a limited period of time. After this period expires, the data is automatically deleted unless its retention is required for evidentiary purposes in the event of attacks on the server infrastructure or other legal violations.

Data Security

In order to protect all personal data transmitted to us and to ensure that data protection regulations are complied with by us and our external service providers, we have implemented appropriate technical and organizational security measures.

For this reason, among other things, all data transmitted between your browser and our server is encrypted via a secure SSL connection.

Status: 20 February 2024