This Privacy Statement explains how John Deere and its controlled affiliates Process Personal Data. This Statement also answers specific questions that you may have regarding the privacy and security of collected data. This Statement is addressed to individuals with whom we interact, including visitors or users of our websites, applications (web or mobile), or online products and services; current and prospective customers; management and personnel of corporate customers and vendors; management and personnel of authorized dealerships and distributors; visitors to our facilities, museums, and attractions; and other recipients of our products and services. We refer to individuals whose Personal Data is Processed as ‘you’ in this Statement.
Personal Data is shared with members of the John Deere Group. A list of members belonging to the John Deere Group is available
and within the
Binding Corporate Rules
. Members belonging to the John Deere Group may jointly Process Personal Data in certain circumstances.
Country or product-specific privacy supplements may apply to the Processing of Personal Data in relation to specific products or services offered by John Deere that may generally require Processing of additional categories of Personal Data or Processing for different purposes.
John Deere products and services are distributed through a network of authorized dealers and distributors. The majority of these authorized dealers and distributors are independently owned and operated businesses that may have their own privacy statements.
1. Types of Personal Data We Collect
We Process Personal Data about you. This section contains some common examples. Depending on your country/region and Applicable Law, the examples below may be considered Personal Data and/or may be collected from you.
Personal Details and Contact Information
Name, date of birth, government identifiers, signature, image
Address, phone number, email address
Demographic information (such as gender, marital status, household, general location)
Username, password, social media profile
Transaction and Financial Account Information
Financial information (such as accountholder, account number, credit/debit card information, financing/leasing information)
Transaction information (such as purchases, service history, payments, complaints, claims)
Credit application information (such as assets, liabilities, income, occupation, financial statement information, current and historical account information with us, equipment and the dollar amount being financed, credit information [including credit scores], property reports about any property which secures your obligation to us)
Insurance information (such as proof of insurance)
Preference and Relationship Information
Preference and relationship information (such as business type, interests)
Business role information (such as occupation, job title, contact information, company details, employment history)
Property, farm or business information
Information about how you interact with us, authorized dealers and distributors, and business partners
Details of accounts with us (such as purchases, inquiries, customer accounts, warranty claims history, payment history)
Computer, Device, Online Service, Social Media, and Internet Information
Activity in our online services (such as username and password used to log in, date/time of visit, search details)
Device identifier for any device used to access our online services (such as model, serial number, usage tracking)
Information about pages or content visited on the online services
Social media profile and comments (including views and opinions), images, and other information you may post on message boards, user forms (including social media) or in response to surveys
Whether you have opened or read our communications
Time and duration of use of the online services, error reports, and performance data. Information and data collected include your internet protocol (IP) address and information related to the IP address
Type and version of your device’s operating system or web browser
Hardware model and other unique device identifiers; and in some cases, your device’s location. This information may be logged when you use the online services
Sensitive or Special Personal Data
Some of the Personal Data that we may Process in connection with the Purposes in Section 3 may be deemed sensitive or special personal data under Applicable Law. In certain countries/regions, this data may not be collected.
We also collect Machine Data that is generated by, collected by, or stored in products or equipment or any hardware or device interfacing with products or equipment. For more information about how we may use Machine Data, see the
John Deere Data Services & Subscriptions Statement
WIRTGEN GROUP WITOS Agreements
. Examples of such data could include license, registration, VIN, location hours, diagnostic data, and usage information.
2. How We Collect Personal Data
We collect Personal Data from a variety of sources, including:
Information We Collect Directly from You:
We collect Personal Data when you interact with us. You may provide Personal Data to us electronically, in writing, or verbally. Common interactions where you provide Personal Data to us include when you:
Sign up for or purchase services or buy products and equipment
Register for an account
Use our online services, including our website
Sign up to receive a newsletter
Contact us for customer service purposes or register your warranty
Apply for financing
Respond to surveys
From Third Parties:
We receive Personal Data about you from third parties who provide it to us. Third parties include authorized dealerships and distributors, suppliers, insurance providers, your employer, credit reference agencies, and law enforcement or governmental authorities.
If you purchase or lease goods or services on credit, we generally collect Personal Data about you from you, credit bureaus, financial institutions and other creditors, your employer, and publicly available sources, to the extent permitted by Applicable Law. For example, we may collect Personal Data from certain third parties, like your employer to confirm your income details, creditors to confirm your creditworthiness and credit bureaus to obtain a credit report, or we may engage an agent to collect information on our behalf, or we may have existing Personal Data about you on file if you were a previous customer or a guarantor for another of our customers.
We may also collect Personal Data from third party data suppliers, who enhance our files and help us better understand our customers:
If you purchase any of our products or services through such third parties,
If you access social media sites, such as Facebook, or if you interact with a social media function on the online services such as a social medial plug-in (a Facebook "like" button),
If you ‘like’ our social media pages, or
If you join our communities
at the bottom of our homepage for further information on the cookies we place.
3. How We Use Personal Data (the “Purposes”)
We will Process Personal Data where we are satisfied that we have an appropriate legal basis. Common legal bases and purposes for processing Personal Data include the following, unless another legal basis applies under the requirements of country or product specific laws:
Processing to Fulfill Contractual Obligations: We Process Personal Data to fulfill our contractual obligations to you. This Processing consists of:
Collecting and using Personal Data to provide the requested products and services
Delivering goods and services that you request
For related services such as product delivery, maintenance, customer and product support and service (including warranty service), financing, leasing, and credit services; and operation of the online services
Assessing your creditworthiness, in some countries/regions this is done through the use of automatic decision making
Servicing and collecting your account, responding to your related inquiries, processing your feedback, and providing you with support
Providing you with general customer services and to respond to your queries and complaints in relation to our services
Maintaining your access to related services and applications
Sending you service communications regarding maintenance, availability, functionality, or other matters
Processing Where You Provide Consent: We Process Personal Data based on your consent, which you may revoke at any time. This Processing may consist of:
Sharing Personal Data with our authorized dealers, distributors, and/or merchants so that they can support you when you purchase a product or service or as otherwise agreed between you and your dealer/merchant
Sharing Personal Data when you purchase or lease goods or services on credit from an authorized dealer or distributor, John Deere Financial Multi-Use Account merchant, or other person, or when you agree to guarantee someone else's obligations under such an arrangement
Sharing Personal Data with suppliers
Sharing Personal Data with authorized dealers and distributors for them to contact you with marketing information about John Deere’s products and services
Marketing to you about our products and services, and to identify goods and services which we believe may be of interest to you, including from authorized dealers and distributors, suppliers, and partners. We will contact you for marketing purposes only as you authorize in your marketing preferences
To administer sweepstakes, contests, loyalty programs, and other promotional events for which you sign-up or enter, such as scheduling and arranging tours of facilities or our attractions or participating in product introductions and other trade shows
To provide other information that may be of interest, such as announcements, reminders, service outages, product improvement programs, and technical service bulletins; news about John Deere, company magazines (such as The Furrow and Homestead), and catalogs; and invitations to trade shows, product introductions, and other events
Processing to Ensure Compliance:
We will Process Personal Data as required by Applicable Law or regulatory requirements that apply to John Deere.
Processing Based on Our Legitimate Interest. We may process Personal Data based on our legitimate interest, including as follows:
To monitor, maintain, and improve our IT environment and the applications that our customers use and that we use to manage our services
If necessary, we will Process Personal Data for the purposes of preventing or prosecuting criminal activities such as fraud and to assert or defend against legal claims
We may pseudonymize/anonymize Personal Data to create data sets, which we use for our business purposes, including developing new products and services
To evaluate your use of our services to assist with our development of new products and services, and to make improvements to our existing products and services
4. Why Personal Data is Disclosed by John Deere
We share Personal Data in the manner and for the purposes described below and in accordance with this Privacy Statement and any transaction specific document, unless we have informed you otherwise or if the Processing is in conflict with Applicable Law:
With the John Deere Group, where such sharing is helpful to provide you with our services or products or to manage our business
With other companies to perform specialized or professional functions for us
With third party service providers (who will operate under our instructions set out in a written agreement with us) to assist us in providing information, products, or services to you, in conducting and managing our business, or in managing and improving our products or services. We share your Personal Data with these third parties to perform services, subject to appropriate contractual restrictions and security measures. These include IT service providers who help manage our IT and back-office systems and machine services, including internet and software services: data hosting, data conversion, and cloud computing capabilities, account management and security, testing, debugging, error reporting, and usage analytics, as well as mobile telecommunication providers
With regulators and courts, to comply with all Applicable Laws, regulations and rules, and requests of law enforcement, regulatory and other governmental agencies
With authorized dealers and distributors so that they can support you. They may use your Personal Data in the ways set out in “How We Use Personal Data” in Section 3 above or relating to products and services that complement our own range of products and services. These services may be subject to separate terms and conditions and privacy policies
With our partners, affiliates, or advertisers, we may share aggregate, statistical, or traffic pattern data so that you have more personalized offerings
With the online services that may contain plugins or third-party content, such as Facebook (the “like” button), Twitter (“Share to Twitter” button), LinkedIn, or Google. For more information, see our
If, in the future, we sell or transfer some or all of our business or assets to a third party, we may share information to a potential or actual third-party purchaser of our business or assets
5. Cookies and Similar Collection Technologies
Technical information that may also constitute Personal Data (your browser type, operating system, IP address, domain name) may be collected via cookies and other tracking technologies (such as transparent GIF files). Please see our
at the bottom of our homepage for further information.
6. How to Access and Control your Personal Data
You have certain rights in relation to Personal Data, subject to certain exemptions and depending on your country/region, and in some cases dependent upon the Processing activity we are undertaking. If you have these rights in your country/region, such as in the EU/UK, and if you wish to access, correct, update, request deletion, request information, object, request restriction of processing, request data portability, not be subject to decisions based solely on automated processing, or otherwise take action with respect to Personal Data, you can do so at any time by contacting us using the contact details provided in Section 12 (‘How to Contact Us’) below.
If we have Processed Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any Processing we conducted prior to your withdrawal, nor will it affect Processing of Personal Data conducted in reliance on lawful processing grounds other than consent.
In certain countries/regions, you have a right to lodge a complaint with your local supervisory authority if you have concerns about how we are Processing Personal Data. We ask that you please attempt to resolve any issues with us first, although you have a right to contact your supervisory authority at any time.
If you have any questions about Personal Data, please contact us using the contact details provided in Section 12 below. We may ask you for additional information to confirm your identity and for security purposes, before disclosing the Personal Data requested by you. In accordance with Applicable Law, we reserve the right to charge a fee where permitted by law, for instance if your request is unfounded or excessive.
Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly or inform you if we require further information in order to fulfill your request. We may not always be able to fully address your request, for example, if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
In certain countries/regions you may unsubscribe from receiving marketing and promotional communications from us by unsubscribing at the appropriate link or writing to us at the contact information in Section 12 below. If you receive our email communications, you may also unsubscribe by clicking on the unsubscribe link included in each email. Please note that you may continue to receive transactional and account-related communications from us.
In some cases, the exercise of these rights (for example, erasure, objection, restriction or the withholding or withdrawing of consent to processing) may make it impossible for us to achieve the purposes identified in Section 3 of this Privacy Statement.
7. Information & Data Security
We have implemented and maintain appropriate technical and organizational security measures, policies, and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorised disclosure or access of Personal Data. For further information on our cybersecurity program, please see our latest company
or contact us as outlined in Section 12 below.
8. Data Retention
We will store Personal Data for as long as is necessary for the purposes for which it was collected, as explained in this Privacy Statement or in any transaction specific document. In some circumstances we may store Personal Data for longer periods of time, for instance where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements. In specific circumstances, we may store Personal Data for longer periods of time so that we have an accurate record of your dealings with us in the event of any complaints or challenges, or if we reasonably believe there is a prospect of litigation relating to Personal Data or your dealings. Personal Data is retained in accordance with our record retention schedule and with applicable legal provisions. Subject to our record retention schedule and with applicable legal requirements, we will delete and/or anonymize Personal Data that are no longer needed.
9. Transferring Personal Data Globally
John Deere operates on a global basis. Accordingly, Personal Data may be transferred and stored in countries around the world, including the European Union (“EU”), the United States of America, Brazil, India, and other countries where John Deere has offices, authorized dealers and distributors, or service providers. These locations often have different standards of data protection. Realizing these differences, when we transfer Personal Data to other countries, we will protect that information as described below in this Privacy Statement or as disclosed to you at the time of data collection.
John Deere will take appropriate steps to ensure that transfers of Personal Data are in accordance with Applicable Law and carefully managed to protect your privacy rights and interests. We have established and implemented a set of Binding Corporate Rules (‘BCRs’) for the EU amongst members of the John Deere Group that have been recognized by EU data protection authorities as providing an adequate level of protection to the Personal Data we process globally. A copy of our BCRs is available
In all other countries outside of the EU, when transferring Personal Data between members of the John Deere Group, appropriate measures have been implemented such as standard contractual clauses, certifications, codes of conduct, or other valid data transfer mechanisms. Our internal policies and codes of conduct also require compliance with all applicable privacy laws and regulations.
Where we transfer Personal Data outside of John Deere or to third parties who help provide our products and services, we obtain contractual commitments from them to protect Personal Data. Some of these assurances are well recognized data transfer terms, such as EU Standard Contractual Clauses.
Where we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Personal Data is shared, and then only share Personal Data as appropriate.
You may contact us for more information about our use of service providers and the safeguards we have put in place (including a copy of relevant contractual commitments) to ensure the adequate protection of Personal Data when transferred as mentioned above.
10. Children’s Privacy
The John Deere website and applications are not directed to children or adolescents, and we do not knowingly collect any Personal Data directly from children under the age of 18. If you believe that we are processing information pertaining to a child, please contact us using the information provided under the ‘How to Contact Us’ section below so that we may investigate and restrict the data.
11. Changes to this Privacy Statement
From time to time, we may update this Statement to reflect new or different privacy practices. If we make changes, we will revise the “Last Updated” date at the bottom of this Statement.
Personal Data is defined under Applicable Law. It often means any information relating to an identified or identifiable natural person (‘Data Subject’). An identifiable natural person often means one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, etc.
In South Africa and in Argentina, Personal Data of corporate entities is also protected by applicable data privacy laws. When processing such Personal Data in South Africa and in Argentina, we will process it in accordance with this Privacy Statement.
Processing is defined under Applicable Law, including but not limited to actions such as collecting, storing, using, accessing, amending, deleting, destroying, or sharing data.
Machine Data is data generated by, collected by, or stored in your equipment or any hardware or device interfacing with your equipment.
Applicable Law means any relevant and applicable laws, rules, regulations, decrees, statutes, enactments, orders, mandates, and resolutions pertaining to data security, data protection, privacy, and/or the Processing of Personal Data, and which applies to the John Deere Group.
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The Deere entity with which you have a primary relationship with is the controller of personal data collected from individuals within the scope of this Statement. This entity may vary depending on the situation. It may be the entity that concluded services/supply contract with you or with your employer the entity that has provided you with marketing and promotional materials and communications; the primary entity in the country operating the John Deere website which you visited; the entity that operates the local facilities that you visited, the entity which (co)-organized an event; etc.
When there is more than one entity responsible for the processing, such as: when two Deere entities co-sign a business contract with your company, such entities are jointly responsible for the lawfulness of a specific processing activity (“Joint Controllers”).
On some occasions, more than one Deere entity may process your personal data as independent controllers. If you have any questions about controllership, do not hesitate to contact us (see Section 12 for contact information).
II. Contact information for the Data Protection Officer
You can contact our data protection officer:
Data Protection Officer c/o WIRTGEN GROUP Branch of John Deere GmbH & Co. KG Reinhard-Wirtgen-Strasse 2 53578 Windhagen, Germany E-mail:
III. General data processing information
The protection of your personal data is very important to us. We process your data primarily to provide a working and easy-to-use website. Your data will always be processed in accordance with the relevant legal regulations.
We furthermore process your data only if and insofar as this is permitted by statutory provisions. Additional information is available in the following statements.
IV. Provision of the website and creation of logfiles
Every time our website is accessed, our system automatically collects data and information from your computer system. We collect the following data:
(1) information about the browser type and version used
(2) your operating system
(3) your IP address
(4) date and time of access
(5) websites from which your system reaches our website
(6) name of files retrieved or URL
(7) data volumes transferred
(8) http status code (e.g. “inquiry successful” or “requested file not found”), methods (e.g. “GET” or “POST”), and version (e.g. “HTTP/2.0” or “HTTP/1.1”)
This data is stored in the log files of our system. There is no storage of the aforementioned data together with other personal data.
We use this data to secure our IT systems. Furthermore temporary storage is used for error detection and error prevention. The data will not be used for marketing purposes in this context. The legal basis for the temporary storage of data and the logfiles is Art. 6 para. (1) lit. f) of the European General Data Protection Regulation (“GDPR”).
The data is stored until it is no longer necessary in relation to the purposes for which they were collected or otherwise processed. If data is required to deliver the website, the necessity ends when the session ends. Your data will be deleted automatically at the end of the session. If stored in our log files, the data will be erased after seven days at the latest. If the data is stored longer than this, your IP address will be deleted or alienated so it cannot be traced back to you or your internet connection.
The hosting of our website is carried out on our behalf by processors which are acting under our authority and in compliance with GDPR and do not forward your data to third parties without authorization.
V. Font „Avenir“
For our website we use the font “Avenir” provided by the company Monotype GmbH, Horexstraße 30, 61352 Bad Homburg, Berlin branch: Bergmannstraße 102, 10961 Berlin, Germany. This ensures that the website looks the same for all visitors, regardless of which device and which browser is used.
For this purpose, your personal data will only be processed by us to deliver the website with all headlines to you and personal data will not be transmitted to a third party. Monotype GmbH tracks the number of views of the fonts on our website as well as our data for contractual purposes.
Our website uses "cookies". These are text files that are stored on your computer system. It contains a custom string that identifies your browser the next time you visit the site. When you visit our website, a cookie may be stored on your system.
The following sections to no. 1 ("Obligatory or necessary cookies”), to no. 2 (“Functional cookies"), and to no. 3 ("Targeted or marketing cookies") are meant to explain in detail what types of cookies we use and what data is processed.
If cookies are generally disabled for our website, you may not able to use all features on our website.
The legal basis for the processing for all types of cookies is therefore Art. 6 para. 1 lit. a) GDPR.
1. Obligatory or necessary cookies Obligatory or necessary cookies are cookies that are required for the functionality of the online services. They are, for example, used to enable the execution of the online services, to store previous actions (e.g. text entered if you go back to a page within one session), securely design the online services, and to manage the online services (e.g. prevention of fraud). Without these cookies, online services would not function properly, or the WIRTGEN GROUP would not be able to offer certain services.
Legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f) GDPR. The data collected using technically necessary cookies is not used to create user profiles.
If you object to the use of these cookies or if you configure your browser accordingly, our website will not recognize your browser and certain content may not be retrievable or data (e.g. from an input field) may be lost.
The obligatory cookies used by us are session cookies that are automatically deleted at the end of the session.
2. Functional Cookies Functional cookies are cookies that are not necessary for the execution of online services but facilitate the use of online services by storing certain selected options or offering expanded functions. They are, for example, used to store websites headings or options, e.g. the selection of a language or other online settings (e.g. fonts). These cookies and other technologies may be used to provide requested functions, e.g. displaying a video.
Functional cookies also collect information on how online services are used, among other things the pages that are most frequently retrieved, the browser or operating systems that are used, or from which page the users arrive at the online services, whether a product or link is displayed or used, and which error messages have been generated. This information helps us improve the online services, capture the number of visitors, determine patterns of views, rectify problems within the online services, and improve the design for using the online services.
Some analysis and performance cookies are used in connection with services provided by third-party providers, among them:
Adobe Analytics is an Internet analysis service by Adobe. Adobe Analytics is used to capture information on your use of online services. The generated data is transmitted to Adobe servers in the US and is stored there. Additional information is available on the
Through the gained statistics we can improve our offer and design it more interesting for you as a user. Legal basis in addition to the consent granted by you within the scope of the cookie consent manager is therefore also our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR.
The placed cookie is valid for seven days. Non-anonymized log files on our servers are automatically deleted after 7 days.
3. Targeted or marketing cookies These cookies collect information on your surfing behavior and your online behavior even across different browsers and devices used by you in order to display advertisement in the online services and other visited sites that could be of interest for you. Your surfing behavior in the online services and your activities on other websites can, for example, be used to derive information about you, which is then used to design advertisement that is more relevant to you (frequently referred to as “interest-based advertisement”). They are also used to limit the display frequency of advertisements and determine the efficiency of advertisement campaigns. They store the information that you have visited the online services (including visited pages and links clicked on) and possibly forward this information to other companies, e.g. advertisers and marketing networks. These cookies are usually placed by third parties. Data collected through functional cookies (e.g. analysis and performance cookies) can also in part be used for advertisement purposes.
An opt-out cookie is placed in your browser for the technical implementation of your objection. This cookie serves only to allocate your objection. Please note that for technical reasons, an opt-out cookie is effective only in the browser in which it was placed. If you delete the cookies or use another browser or another terminal device, you have to place the opt-out cookie again.
Change cookie settings:
VII. Forms and email contact
We use Silverstripe to create forms. Your transmitted data is stored on our server for 7 days and is then deleted.
You can contact us through a form on our website or by email. If you enter data in the input fields provided for this purpose, then this data will be transmitted to us and processed by us.
We furthermore process the data that you voluntarily transmit to us.
If you contact us through the provided email address, then the personal data transmitted with your email will be processed (e.g. email address, name, first name, and other voluntary data).
Legal basis for processing the data transmitted is Art. 6 para. 1 lit. f) GDPR as we have a legitimate interest in being able to respond to your message. If contacting through a form or email is connected to the conclusion or performance of a contract, Art. 6 para. 1 lit. b) GDPR serves as an additional legal basis for processing your data. Insofar as processing of personal data is necessary for the fulfillment of a legal obligation incumbent upon us, the legal basis for this is Art. 6 para. 1 lit. c) GDPR.
We process personal data from the input masks or e-mails exclusively for the correspondence with you. We will not forward your personal data to a third party. However, if you have specific questions, your information including your personal data may be forwarded to other WIRTGEN GROUP companies, technical and legal experts, or translators.
You can object to the processing of your personal data by simply sending a message without any requirements as to form to the above-stated contact information.
In these cases, a processing of your message may however not be possible.
If data is required for the fulfillment of a contract or the performance of pre-contractual measures, early deletion may be possible only insofar as contractual or statutory obligations permit such. The respective applicable retention periods must be determined separately for the respective contracts and contractual parties.
When you send your message through the respective form, the following data is additionally stored:
(1) date and time of sending
Processing of this data during the sending process is to prevent misuse of the contact form and to ensure the security of our information technology systems. Therefore, Art. 6 para. 1 lit. f) GDPR serves as a legal basis. The personal data additionally collected during the sending process will be deleted after a period of seven days at the latest, unless statutory or contractual purposes permit a longer retention period.
VIII. Hosting and infrastructure provider
For the operation and provision of this website, we have leased servers from Microsoft Azure. These servers meet various certifications, among them ISO 27001. The Microsoft Corporation (One Microsoft Way, Redmond, Washington 98052, USA) is the operator of these servers.
The servers are located in the European Union as well as United States of America. Insofar as personal data of EU citizens is transferred to computer centers outside of the European Union, these computer centers meet the same level of protection on the basis of standard contractual clauses.
You can subscribe to our gratuitous newsletter. For this purpose, we process the following data:
Your data is processed with your consent, which you declare by checking a box during the registration process. Art. 6 para. 1 lit. a) GDPR serves as a legal basis. After subscribing, you will receive an email in which we request your confirmation of your subscription. This confirmation is necessary so that nobody can register with foreign email addresses.
Art. 6 para. 1 lit. b) GDPR and Art. 6 para. 1 lit. f) GDPR serve as a legal basis because the processing of data is also necessary to deliver the requested newsletter.
Data will not be forwarded to third parties within the scope of data processing for sending newsletters. The data is used exclusively for sending the newsletter. However, newsletters are send on our behalf by processors in terms of Art. 28 GDPR, which pursuant to Art. 4 No. 10 GDPR are not “third parties” in terms of GDPR.
You are authorized to cancel subscription of the newsletter at any time. Each newsletter contains a corresponding link to unsubscribe. With this we simultaneously enable you to revoke your consent to storage of your data. You can also revoke your consent at any time without requirements as to form to the above stated contact information.
We delete your data as soon as it is no longer necessary for achieving the purposes for which it was collected. Your email address will be stored as long as you subscribe to the newsletter.
Newsletter subscriptions will be recorded in order to verify that the subscription process meets legal requirements. This includes storage of the time of registration and confirmation as well as your IP address. This personal data collected within the scope of the subscription process is generally deleted 7 days after collection.
X. Online Application
You can apply for jobs on our website. You can either use the online application tool or send us your up to date CV via e-mail. You can find our vacancies here:
In this respect we use the software Umantis Talent Management as well as other services of Haufe-Lexware GmbH & Co. KG, a company of the Haufe Group, Munzinger Straße 9, 79111 Freiburg, which acts as a processor. The processor is bound by our instructions as well as by the GDPR and does not pass on your data to third parties without our instruction.
Haufe hosts the individual application forms. You therefore leave our website and are redirected there if you click on the link to the online application.
If you use the application form, the following personal data will be transmitted to us and processed by us (mandatory information is marked with a *):
(1) First and last name*
(2) Date of Birth
(3) Email address*
(8) URL of your LinkedIn und Xing-Profile
(9) Place of Birth
(10) Information on your age* & Name of parents if not of legal age
We furthermore process the data that you voluntarily submit to us as a message or which is contained in the transmitted attachments.
Prior to sending the data, we ask for your consent for the processing of your data and we refer to this privacy statement. Your data is then processed with your consent. Therefore legal basis is Art. 6 para. 1 lit. a) GDPR.
You have the right to withdraw your consent at any time. You can address your withdrawal at any time, without requirements as regards form, to the above-stated contact information or the processor responsible for your job application. However, a processing of your application may then no longer be possible.
Furthermore, additional legal basis is § 26 BDSG (Federal Data Protection Act).
XI. Compliance Hotline
1. For what purposes is the Compliance Hotline operated? Section 301 (4) of the Sarbanes-Oxley Act (SOX) requires the establishment of a whistle-blower system. The German Corporate Governance Code (Section 4.1.3) also recommends the establishment of whistleblower systems. Regardless of these statutory requirements, whistleblower systems are also generally considered a suitable component of effective compliance management systems (CMS), since they provide a protected space where employees and third parties can report compliance violations. The Compliance Hotline is such a whistleblower system.
2. On what legal basis do we process your data?
We process the data in order to detect compliance violations and criminal offenses (e.g. for the prevention of corruption) on the basis of points (d) and (f) of Art. 6(1) GDPR and/or Section 4 para. 1 sentence 1 no. 1 BDSG [German Federal Data Protection Act].
Therefore, we use the Compliance Hotline to pursue our legitimate interests in the con-text of the performance of the employment relationship and for the investigation of criminal offenses; cf. Sec. 26 GDPR.
Under the conditions of Article 88(1) GDPR and Section 26 para. 1 sentence 2 BDSG, it is permissible to collect, process and use employee data through whistleblower systems.
3. Who is involved in the processing of my data? The following parties are involved in the processing of your data:
WIRTGEN GROUP Branch of John Deere GmbH & CO. KG, Reinhard-Wirtgen-Straße 2, 53578 Windhagen, Germany
Deere & Company, One John Deere Place, Moline, IL 61265, United States
NAVEX Global, 5500 Meadows Road, Suite 500, Lake Oswego, OR 97035, United States (Hotline provider)
If necessary, data is disclosed to:
internal departments such as Management and Legal & Compliance
law enforcement and administrative agencies, courts and lawyers.
To investigate your request, information, including your personal data, may be disclosed to other WIRTGEN GROUP companies, technical and legal experts or translators for the above-mentioned purposes.
4. Is the data transferred to a third country? The data is transferred to the parent company's Center for Global Business Conduct and the service provider, both of which are located in the United States. However, WIRTGEN GROUP has taken precautions to ensure the protection of your data.
5. Which data must and/or may be provided and what happens to it? Information is provided at the whistleblower’s discretion, which is why it is not possible to determine the precise categories of personal data independently from the individual case.
XII. RSS Feeds
You can subscribe to our RSS Feeds and receive relevant news on our business. Our posts and articles are being shown in your feed reader. Unlike newsletters this does not require processing of your personal data. If you like to learn more about processing of your data using RSS Feeds please contact the operator of your feed reader.
XIII. Google Maps
In order to provide you with virtual maps our website uses Google Maps by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
We have integrated Google Maps in compliance with data protection laws. As a result, your data will not be transferred to Google unless you activate the map. By doing this you give your consent regarding the processing of your data according to Art. 6 para. 1 lit. a) GDPR.
By using Google Maps the service operator receives the following data:
Date and time of your request
Details of the request
The website from which you have accessed the accessed website (referrer)
Language and version of your browser
This is done regardless of whether Google provides a user account through which you are logged in or do not have a user account. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish the association with your Google profile, you will need to log out beforehand. Google stores your data as user profiles and uses it for the purpose of marketing, market research, and/or appropriate design of its website.
Such analysis is performed in particular (even for users that are not logged in) to provide appropriate advertisement and to inform other users of the social network of your activities on our website. You may be entitled to a right to object to the creation of these user profiles and to exercise this right to must contact Google.
Further information regarding the scope and purpose of data collection and processing by the plug-in provider is available in the privacy statements of the provider. There you will also find additional information regarding your rights and settings options to protect your privacy:
XIV. Social Media Links
We do not use social media plugins on our websites. The featured icons are hyperlinks to the mentioned social media platforms. By clicking these links you will be redirected to the WIRTGEN GROUP YouTube channel, our Twitter page, and our LinkedIn page. When clicking on these links, the respective page operator will process your personal data. If you are logged in to your respective account, the visit of our website may be associated to your profile.
We would like to inform you about your rights regarding the processing of your personal data.
1. Revocation of your consent (Art. 7 para. 3 GDPR) You have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Prior to giving consent, you will be informed thereof.
2. Right to access (Art. 15 GDPR, Sec. 34 BDSG) Pursuant to Art. 15 GDPR you have the right to obtain from us confirmation as to whether we process your personal data, and, where that is the case, access to the personal data and the following information:
the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from you directly, any available information as to their source;
the existence of automated decision-making, including profiling, referred to in Article 22 para. (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for your data.
If personal data are transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards ensuring compliance with the provisions of GDPR at these recipients.
3. Right to rectification (Art. 16 GDPR, Sec. 35 BDSG)) You have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4. Right to erasure or “right to be forgotten” (Art. 17 GDPR, Sec. 35 BDSG) You have the right to our erasure of your personal data without undue delay insofar as one of the following grounds applies:
the data are no longer necessary for the purposes for which they were collected or otherwise processed;
you withdraw consent on which the processing is based and no other legal ground for the processing applies;
you object to the processing pursuant to Article 21 para. 1 GDPR for reasons based on your particular situation and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing;
You object to the processing for direct advertisement pursuant to Article 21 para. 1 GDPR
the personal data have been unlawfully processed;
the personal data have to be erased for compliance with a legal obligation in Union or Member State law;
the personal data have been collected in relation to the offer of information society services referred to in Article 8 para. 1 GDPR.
Where we have made the personal data public and are obliged to erase the personal data, we, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers which are processing the respective personal data thereof.
5. Right to restriction of processing (Art. 18 GDPR) According to Art. 18 GDPR, we may only process data to a limited extent where one of the following applies:
You contest the accuracy of your data, until we can verify its accuracy,
The processing is unlawful and instead of requesting the erasure of the data you ask for the restriction of use of the personal data,
We no longer need the data for the purposes of processing, but you do need it to establish, exercise or defend legal claims, or
You objected to the processing pursuant to Art. 21 para. (1) GDPR for reasons arising from your particular situation, provided it is not yet clear whether our legitimate reasons for processing override your interests
If processing is restricted we are allowed to only store this data. Further processing shall only be permitted with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
You are authorized to withdraw your consent granted in this regard at any time.
6. Notification obligation regarding rectification or erasure of personal data or restriction of processing (Art. 19 GDPR) We are obliged to inform all recipients of your data of any correction or deletion or any restriction on processing thereof, unless this proves impossible or involves disproportionate effort.
We will inform you about those recipients if you request it.
7. Right to data portability (Art. 20 GDPR) You have the right to receive the personal data which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is:
based on your consent or contract and
carried out by automated means.
In exercising your right to data portability, you have the right to have the personal data transmitted directly from us to third party, where technically feasible. This right shall not adversely affect the rights and freedoms of others.
8. Automated individual decision-making, including profiling (Art. 22 GDPR) On our website, your data is not subject to decisions based solely on automated processing (e.g. profiling).
9. Right to object (Art. 21 GDPR) If we process your data on the basis of a legitimate interest (Art. 6 para. (1) lit. f) GDPR), you have the right to object, on grounds relating to your particular situation. This also applies to profiling based on those provisions. In this case, we will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or grounds for the establishment, exercise or defense of legal claims.
Where we process personal data for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, your data shall no longer be processed for such purposes.
To object, simply address a message without requirements as regards form to the contact information listed on p. 1.
10. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR) Without prejudice to any other administrative or judicial remedy to which you may be entitled, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the data protection regulations.
The WIRTGEN GROUP Branch of John Deere GmbH & Co. KG (hereinafter also referred to as “we” or “WIRTGEN”) complies with the requirements of the European Union’s General Data Protection Regulation (hereinafter referred to as the “GDPR”) and other legal requirements governing the protection of personal data. In particular, we implement technical and organizational security measures in line with current security standards.
This privacy information is intended for training participants and other parties whose data we process in connection with our course offering. If you are booking training courses for other participants and individuals at your company, please be sure to provide them with the following privacy information. Collective bargaining agreements, provisions in employment contracts, legitimate interests, or declarations of consent can serve as an appropriate legal basis with respect to the data disclosed to the WIRTGEN GROUP (e.g. training participants’ contact information) and the data processed by the relevant WIRTGEN GROUP company as the controller. We may provide you with additional privacy information in other situations in which we contact you or process your data, and you should take note of this information as well.
The purpose of the following privacy information is to provide you with details about how WIRTGEN processes personal data within the scope of our course offer, as well as about your rights as a data subject:
Controller & Data Protection Officer The controller is:
Protecting your privacy is extremely important to us, so it goes without saying that we comply with the applicable legal provisions governing data protection. In the following, we would like to briefly describe how we process your personal data:
Processing/Purpose: Wirtgen Group training courses
1. Organization, administration, and implementation of the Wirtgen Group’s worldwide training courses
2. Training the participants
3. Tracking training levels (skills, job profiles) and issuing reports and certificates
1. Article 6(1)(a) of the GDPR Consent (photo, registration of external participants)
2. Article 6(1)(b) of the GDPR Contract (dealers, customers)
3. Article 6(1)(b) of the GDPR Compliance with a legal obligation
4. Article 6(1)(f) of the GDPR Legitimate interests: see Purposes
5. Section 26 of Germany’s Federal Data Protection Act Employee training
Recipients: Affiliated WIRTGEN GROUP companies, IMC AG (Learning Suite), VITERO (web conferencing and live e-learning), Microsoft (collaboration software: Teams)
Duration of Storage: We store your data for a period of 5 years.
What Personal Data do we process?
In this document, the term “personal data” refers to personal data as defined in Article 4(1) of the GDPR. This includes any information relating to a natural person and that can be used to directly or indirectly identify that person.
Within the scope of providing training, we generally process contact information such as the title, name, telephone number, photo (optional), IP address (web-based learning platform), and the email address of contacts and training participants, as well as data relating to content and skill levels that is generated in connection with participating in training (e.g., training results, reports, certificates), and other accompanying data (e.g., training date, hotel booking request).
In this context, you must provide the personal data that is required to conduct our training courses, including to fulfill the associated contractual obligations, as well as to comply with legal obligations. We will inform you of the data that this includes in a suitable manner in each individual case (e.g. by identifying optional fields in forms).
We usually obtain your personal data from you yourself or from your employer as our business partner, in particular from information provided during the training registration process.
The length of time that a cookie remains on your device depends on the type of cookie. We use two types of cookies on our websites. Session cookies are temporary cookies that are saved only while you are using the website (or, more precisely, until you close your browser after using the website). Session cookies help our websites remember what you selected on the previous page without requiring you to re-enter the information. Persistent cookies remain on your device even after you have visited our website. Persistent cookies help us identify you as a unique visitor, but do not contain information that can be used to identify you to another person.
Insofar as the following information does not specify any other retention periods, the following applies collectively with respect to the retention period, irrespective of the type and purpose of the cookies:
Please note that if you deactivate cookies on our training platform, you may no longer be able to fully use all of the website’s features.
Detailed information on the respective cookies can be found here:
For What Purpose and on What Legal Basis do we process Personal Data?
As a company, we process personal data within the scope of providing training on the basis of one of the legal bases specified below:
a) Consent from the Data Subject (Article 6(1)(a), Article 7 of the GDPR) Within the scope of providing training, WIRTGEN processes personal data on the basis of the informed consent of the data subject when it comes to certain activities. In the event that WIRTGEN processes personal data on the basis of your consent, the specific purposes of processing will be specified in the content of the respective declaration of consent.
b) For the Performance of a Contract (Article 6(1)(b) of the GDPR) Personal data is processed for the performance of a contract with a natural person or in order to take steps prior to entering into a contract. The scope and details of such data processing are specified in the respective contract that we enter into directly with you in each individual case and, if applicable, in the associated terms and conditions.
c) Compliance with a Legal Obligation (Article 6(1)(c) of the GDPR) WIRTGEN is subject to legal requirements that may result in an obligation to process personal data. On the basis of these requirements, WIRTGEN is, in particular, obligated to ensure that data is retained properly, especially in accordance with the German Fiscal Code (abbreviated AO in German) and the German Commercial Code (abbreviated HGB in German), and archives documents in corresponding IT systems and, if necessary, also in paper form.
d) For the Purposes of Our Legitimate Interests (Article 6(1)(f) of the GDPR) The WIRTGEN GROUP processes personal data within the scope of general business operations and for the purpose of providing services to our customers on the basis of our legitimate interests, except where such interests are overridden by the interests or fundamental rights of the data subject. A specific interest of the WIRTGEN GROUP in this respect lies primarily in the performance of our contractual obligations vis-à-vis our customers. As a general rule, the WIRTGEN GROUP processes personal data provided by customers only to the extent that this is actually necessary for the provision of services.
To Whom do we disclose Personal Data?
In compliance with legal obligations, personal data may be disclosed to the following recipients:
Certain group companies within the WIRTGEN GROUP, e.g. if they perform data processing tasks centrally for the affiliated companies within the group. In addition, we may also share information with other affiliated companies for the purposes of corporate governance, internal communications, or other administrative purposes on the basis of our legitimate interests
Government agencies, courts, or other public authorities in Germany and abroad, if necessary
IT service providers and other processors strictly for a specific purpose, such as hosting, cloud services, document destruction, archiving
Other service providers and auxiliary persons to whom data is transferred for the purpose of conducting the training or arranging accompanying services (e.g. hotels)
When integrating service providers into WIRTGEN’s data processing processes, WIRTGEN’s stringent data protection standards are contractually imposed on the service providers. In the case of contractual processing relationships, both parties enter into data protection agreements in accordance with the legal requirements of Article 28 of the GDPR.
In certain cases, we may also transfer your data to third parties, i.e. partners with whom we collaborate outside of a contractual processing arrangement. Such partners provide their services (e.g. payment services such as PayPal) as controllers in their own right; the processing of your data by these partners is governed solely by their privacy policies.
Your Rights in Relation to the Processing of Your Personal Data
We would like to inform you about your rights in relation to the processing of your personal data. If you have any questions about your rights or wish to assert your rights vis-à-vis our company, please contact our data protection officer at
or at the above mailing address, adding “Data Protection Officer.”
Right to Withdraw Your Consent (Article 7(3) of the GDPR) If you have granted your express consent to the processing of your personal data, you may withdraw this consent at any time. Withdrawing your consent does not affect the lawfulness of processing carried out on the basis of your consent before its withdrawal. You will be informed of this right of withdrawal before you grant your consent.
Right of Access (Article 15 of the GDPR) You have the right to obtain confirmation as to whether or not we are processing your personal data. If this is the case, you have the right to access this personal data. Where personal data is transferred to a third country or to an international organization, you also have the right to be informed of the appropriate safeguards pursuant to the GDPR relating to the transfer.
Right to Rectification (Article 16 of the GDPR) You have the right to obtain from us without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to Erasure, i.e. “Right to Be Forgotten” (Article 17 of the GDPR) You have the right to obtain the erasure of your personal data without undue delay where one of the following grounds applies:
The personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed
You withdraw consent and there is no other legal ground for the processing
You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing
You object to the processing for the purposes of direct marketing pursuant to Article 21(2) of the GDPR
The personal data has been processed unlawfully
The personal data has to be erased to comply with a legal obligation in European Union or German law
The personal data was collected in relation to the offer of information society services directly to a child referred to in Article 8(1) of the GDPR
We will comply with your request to erase the data unless we are required or authorized by law to continue to store and process your data. In addition, we are authorized to retain your data if it is not possible for us to assert, exercise, or defend against legal claims without your data.
Right to Restriction of Processing (Article 18 of the GDPR) Pursuant to Article 18 of the GDPR, you have the right to obtain from us the restriction of processing where one of the following applies:
You contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data
The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead
We no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise, or defense of legal claims
You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification of whether our legitimate grounds override your interests.
Where processing has been restricted, we are only authorized to store this data. In this case, further processing is only allowed with your consent or for the establishment, exercise, or defense of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest of the European Union or of an EU member state. You can withdraw your consent in this regard at any time. We will inform you before the restriction of processing is lifted.
Notification Obligation (Article 19 of the GDPR) Please note that we are obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data has been disclosed. This does not apply if doing so proves impossible or involves disproportionate effort. We will inform you about these recipients if you request it.
Right to Data Portability (Article 20 of the GDPR) You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used, and machine-readable format. You also have the right to have us transfer this data to a third party in certain cases. This right cannot adversely affect the rights and freedoms of others, including our company, however. If this is the case, we are authorized to refuse to disclose or transfer your data.
Right to Object (Article 21 of the GDPR) If we process your data on the basis of a legitimate interest (Art. 6(1)(f) of the GDPR), you have the right to object to this on grounds relating to your particular situation. This also applies to profiling based on this provision. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing. These must override your interests, rights, and freedoms or the processing must serve the establishment, exercise, or defense of legal claims.
Right to Lodge a Complaint with a Supervisory Authority (Article 77 of the GDPR) You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data violates the provisions of the GDPR. This does not affect any other administrative or judicial remedies to which you may be entitled.
It may become necessary to amend the content of this privacy information from time to time. As such, we reserve the right to amend this information at any time. We will also publish the amended version of the privacy information here and you can further request it from us at any time (see the contact details of the data protection officer above).
Version 1.3 (2021)
Social media profiles
I. Controller name and address
The controller within the meaning of the European Union’s General Data Protection Regulation is:
II. Contact details of the data protection officer
You can contact our data protection officer at:
Data Protection Officer c/o WIRTGEN GROUP Branch of John Deere GmbH & Co. KG Reinhard-Wirtgen-Strasse 2 53578 Windhagen, Germany Email:
III. Data processing by Wirtgen
We maintain online profiles on social networks and process user data in this context in order to communicate with users who are active on these platforms or to provide information about our company. If you have an account on one of the networks listed below, are logged in and choose to follow our page, you will be visible to us as a follower. As a result, we will process the personal data contained in your profile name and profile picture.
We process the same data when you like, comment on or share a post of ours, even if you do not follow our page.
Furthermore, we process the same data if you send us a message via the messaging feature. In this context, we additionally process the data that you voluntarily provide to us in your messages.
In addition, we receive anonymised statistical data about the users of these pages through features such as ‘Facebook Insights,’ a service provided by Facebook that you cannot opt out of. This data is collected with the help of cookies that Facebook saves on your system. These cookies each contain a unique user code that may also be linked to your profile on the platform. Such tools are also used by other social networks.
This data is processed on the basis of our legitimate interests pursuant to Article 6(1)(f) of the GDPR.
We do not perform any further analysis of your data beyond the aforementioned. We store your data as long as you follow our page. If you stop following our page, we will no longer process your data.
IV. Data processing by the operators of the social networks
We would like to expressly inform you that user data may be processed outside the territory of the European Union. This may result in privacy risks for users as data subjects that could, for example, make it more difficult to enforce the rights of data subjects.
Furthermore, user data on social networks is usually processed by the platform operators for market research and advertising purposes. For example, they may create usage profiles based on user behaviour and the resulting interests of the users. These usage profiles can, in turn, be used, for example, to serve adverts to users within and outside the networks that presumably correspond to the users’ interests. Cookies are usually saved on the users’ computers for these purposes, which are then used to store the user’s usage behaviour and interests. Furthermore, data may also be stored in the usage profiles regardless of the devices used by the users (especially if the users are members of the respective platforms and are logged in to them).
For a detailed explanation of the respective forms of processing and the options to opt out, please refer to the privacy statements and information provided by the operators of the respective networks.
In addition, in the case of requests for information and to exercise your rights as a data subject, we would like to point out that the most effective way to exercise these rights is to contact the providers directly. Only the providers have access to their users’ data and can take appropriate measures and provide information directly. If you still need help, feel free to contact us, however.
Types of data processed: Personal data (e.g., names, addresses), contact data (e.g., email addresses, telephone numbers), content data (e.g., data entered into online forms), usage data (e.g., websites visited, interest in content, access times), metadata/communication data (e.g., device information, IP addresses)
Data subjects: Users (e.g., website visitors, users of online services)
Legal basis: Legitimate interests (Article 6(1)(f) of the GDPR)
V. Your rights in connection with the data collected by Wirtgen
Below we would like to provide a summary of your rights under the General Data Protection Regulation.
1. Right to withdraw consent under applicable privacy law (Article 7(3) of the GDPR) You have the right to withdraw consent granted under applicable privacy law at any time. Please note that withdrawing your consent does not affect the lawfulness of processing on the basis of your consent before its withdrawal. You will be informed of this right before you grant your consent.
2. Right of access (Article 15 of the GDPR) Under Article 15 of the GDPR, you have the right to request confirmation from us as to whether we are processing personal data concerning you. Where this is the case, you have a right of access to this personal data and to the following information:
The purposes for which we are processing this data;
The categories of personal data that we process;
The recipients to whom this personal data has been or will be disclosed, in particular if this applies to recipients in third countries or international organisations;
Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
The existence of the right to request the rectification or erasure of personal data concerning you or the restriction of processing of personal data concerning you, or to object to such processing;
The right to lodge a complaint with a supervisory authority;
Where the personal data was not collected from you, any available information as to its source;
The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
If personal data is transferred to a third country or to an international organisation, you also have the right to information about the appropriate safeguards in place to ensure that these recipients also comply with the provisions of the GDPR.
3. Right to rectification (Article 16 of the GDPR) You have the right to obtain from us without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
4. Right to erasure, i.e., the ‘right to be forgotten’ (Article 17 of the GDPR) You have the right to obtain the erasure of your personal data without undue delay where one of the following grounds applies:
The data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
You withdraw consent on which the processing is based and there is no other legal ground for the processing;
You object to the processing on grounds relating to your particular situation in accordance with Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing;
You object to processing for direct marketing purposes in accordance with Article 21(2) of the GDPR;
The personal data has been processed unlawfully;
The personal data has to be erased to comply with a legal obligation under European Union or German law;
The data was collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.
If we have made your personal data public and are obligated to erase the data, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform controllers that you have requested the erasure of such personal data.
5. Right to restriction of processing (Article 18 of the GDPR) Pursuant to Article 18 of the GDPR, you have the right to obtain from us the restriction of processing where one of the following applies:
You contest the accuracy of the personal data, for a period that allows us to verify the accuracy of the personal data;
The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
We no longer need the personal data for the purposes of the processing, but you require the data for the establishment, exercise, or defence of legal claims; or
You have objected to processing on grounds relating to your particular situation pursuant to Article 21(1) of the GDPR pending the verification of whether our legitimate grounds override your interests.
Where processing has been restricted, we are only authorised to store this data. Any further processing is then only permitted with your consent or for the establishment, exercise, or defence of legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State. You can withdraw your consent granted in this context at any time. We will inform you before the restriction of processing is lifted.
6. Notification obligation (Article 19 of the GDPR) We are obligated to communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about these recipients if you request it.
7. Right to data portability (Article 20 of the GDPR) You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to have us transfer this data to a third party, provided that:
The processing of the data is based on your consent or on a contract, and
The processing is carried out by automated means.
In this context, you can instruct us to transfer your personal data directly to the third party, insofar as doing so is technically feasible and does not affect the rights and freedoms of others.
8. Automated individual decision-making, including profiling (Article 22 of the GDPR) We do not process your personal data in any way that is based solely on automated processing, including profiling.
9. Right to object (Article 21 of the GDPR) If we process your data on the basis of a legitimate interest (Art. 6(1)(f) of the GDPR), you have the right to object to this on grounds relating to your particular situation. This also applies to profiling based on this provision. In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing. These must override your interests, rights and freedoms or the processing must serve the establishment, exercise, or defence of legal claims. If we process your personal data for direct marketing purposes, you have the right to object, at any time, to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is conducted in conjunction with such direct marketing. If you object to the processing of your personal data for direct marketing purposes, we will cease to process your personal data for this purpose. You can object to such processing by simply sending a brief message to the contact details of the data protection officer listed above.
10. Right to lodge a complaint with a supervisory authority (Article 77 of the GDPR) You have the right to lodge a complaint with a supervisory authority, in particular in the EU member state of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data violates the provisions of the GDPR. This does not affect any other administrative or judicial remedies to which you may be entitled.