Privacy Policy of wdp GmbH

The requirements of the EU General Data Protection Regulation (hereinafter DSGVO) apply throughout Europe. We guide you through our processing of personal data in accordance with this Regulation (see Articles 13 and 14 DSGVO). If you have any questions or comments about this privacy statement, you can address them to the e-mail address indicated under points 1.2. and 1.3. below.


1. Overview

1.1 Scope
1.2 Responsibility
1.3 Data Protection Officer

2. Data processing in detail

2.1 General information about data processing
2.2 Visiting/opening the website/application
2.3 Newsletter
2.4 Application

3. Rights of data subjects

3.1 Right to object
3.2 Right to information
3.3 Right of rectification
3.4 Right to deletion (“right to be forgotten”)
3.5 Right to restriction of processing
3.6 Right to data portability
3.7 Right to withdrawal after given consent
3.8 Right of appeal

4. Glossary

1. Overview

In this section of the privacy policy you will find information on the scope of application, the person responsible for data processing and the data protection officer.

1.1 Scope

On this page we inform you about the type, scope and purpose of the personal data collected by wdp GmbH, which are processed both when you visit this homepage and during other processing operations under our responsibility which are not related to this homepage.

This Privacy Policy applies to the following items:

  • our online offer is available at; or or
  • If one of our presences (such as websites, subdomains, mobile applications, web services, or third-party affiliations) refers you to this privacy policy, regardless of the way in which you access or use it.

1.2 Responsibility

Data Controller – ie the one who decides on purposes and means of processing personal data – is

wdp GmbH
Friesenwall 5-7
50672 Köln
+49 (0) 221 677 874 10

1.3 Data Protection Officer

You can contact our data protection officer as follows:

Contact form

Dipl.-Kfm. Marc Althaus
Frapanweg 22
D-22589 Hamburg

2. Data processing in detail

In this section of the privacy policy, we will inform you in detail about the processing of personal data as part of our services. For better clarity, we divide this information by certain functionalities.

2.1 General information about data processing

For all processing operations described below, unless stated otherwise:

2.1.1 No obligation to provide

There is no contractual or legal obligation to provide personal data. You are not required to provide data.

2.1.2 Consequences of non-provision

In the case of required data (data which are marked as obligatory when entering data), non-provisioning means that the service concerned cannot be provided. Otherwise, non-provisioning may mean that our services cannot be provided in the same form and quality.

2.1.3 Transmission to state authorities

We transfer personal data to governmental authorities (including law enforcement agencies) only when required to fulfill a legal obligation to which we are subject (legal basis: Art. 6 (1) (c) DSGVO) or to assert, exercise or defend legal claims (legal basis Art. 6 para. 1 f) DSGVO).

2.1.4 Storage time

We do not store your data longer than we need for the respective processing purposes. If the data is no longer required for the fulfillment of contractual or legal obligations, these data will be deleted on a regular basis, unless their temporary storage is still necessary. Reasons for this may e.g. be the following:

  • The fulfillment of commercial and tax retention requirements
  • The receipt of evidence for legal disputes within the framework of the statutory limitation regulations

2.1.5 Categories of recipients

In addition to the categories of recipients listed below, personal data are also transmitted to the following categories of recipients: shipping service providers, telephone and fax providers.

2.1.6 Data categories

  • Account data:
    Login/user ID and password
  • Personal master data:
    Title, salutation, gender, first name, last name, date of birth
  • Address data:
    Street, house number, if necessary adress extension, zip code, city, country
  • Contact details:
    Telephone number(s), fax number(s), e-mail address(es)
  • Credentials:
    Information from the service you have signed up for; date and technical information on registration, confirmation and deregistration; data you specified at registration
  • Access data:
    Date and time of the visit of our service; the page from which the accessing system came to our site; pages accessed during use; Session identification data; and the following information about the accessing computer system: Internet Protocol address (IP address), browser type and version, device type, operating system and similar technical information.
  • Application data:
    Curriculum vitae, certificates, evidence, work samples, pictures, results from assessment center and test procedures

2.2 Visiting/opening the website/application

Here’s how we process your personal information when you visit our services.

2.2.1 Information about processing

Data CategoryPurpose Legal basisLegitimate interestStorage period
Access dataconnection establishment, presentation of the contents of the service, detection of attacks on our side based on unusual activities, fault diagnosisProtection of legitimate interests (Art. 6 para. 1f DSGVO)proper function of the services, security of data and business processes, prevention of abuse, prevention of damage by interference with Information systems7 days

2.2.2 Recipients of personal data

Recipient categoryData concernedLegal basis of the transfer
IT security service provideraccess dataorder processing (Art. 28 DSGVO)

2.2.3 Content providers submitting data to third countries

No data are submitted to third countries.

Title of the serviceFunctionality Data transfer to third country?Appropriateness decision (Article 45 DSGVO)Suitable guarantees (Art. 46 DSGVO)
Google MapsIntegration for directionsyesEU Standard Contractual Clauses
Facebooklink to Facebook pageyesEU Standard Contractual Clauses
MyFontsembedding fontsyesEU Standard Contractual Clauses

2.2.4 Tracking to analyze and optimize our services and their use, as well as to measure the success of advertising campaigns and optimize the display of advertising

Below we describe how your personal data is processed using tracking technologies for the analysis and optimization of our services and for advertising purposes.

The description of the tracking procedures also includes information on how you can prevent or object to the processing of your data. Please note that the so-called “opt-out”, i.e. the refusal of processing, is usually stored via cookies. If you use our services via a new device or in a different browser or if you have deleted the cookies set by your browser, you will have to reject again.

The tracking procedures described above process personal data only in pseudonymous form. A connection with a concrete, identified natural person, i.e. a combination of the data with information about the bearer of the pseudonym, does not take place.

Purposes of processing

The analysis of user behavior by means of tracking helps us to check the effectiveness of our services, to optimize them and adapt them to the needs of the users, and to correct errors. Tracking to measure the success of advertising campaigns helps us to optimize our ads for the future.

Legal basis of the processing

Consent pursuant to Art. 6 para. 1 lit. a DSGVO and legitimate interest pursuant to Art. 6 para. 1 f) DSGVO

The tracking methods used in detail

Name of serviceService ProviderFunctionality Possibility to prevent processing (opt-out)Data transfer to third country?Appropriateness resolution (Article 45 DSGVO)suitable guarantees (Art. 46 DSGVO)
Google Analytics with anonymization functionGoogle Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USAWeb Analytics & Remarketing

Google Analytics uses so-called “cookies”, text files that are stored on your computer and thereby allow an analysis of the use of the website by you.
The information generated by these cookies, such as the time, location and frequency of your website visit, including your IP address, is transmitted to Google in the United States and stored there.
We use Google Analytics on our website with an IP anonymization feature. In this case, your IP address will already be shortened and thus anonymised by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.
Google will use this information to evaluate your use of our site, to compile reports on our website activity, and to provide other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google.

OptOut Google Analytics

NoEU Standard Contractual Clauses
Google AdwordsGoogle Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USAConversion Tracking

The information obtained by means of the “Conversion Cookies” is used by Google to create visitor statistics for our web site. These statistics tell us the total number of users who clicked on our ad, and which pages on our site were subsequently accessed by their respective users. However, we or others through “Google Adwords” advertisers do not receive any information that personally identifies users. Standard Contractual Clauses
Google RemarketingGoogle Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USARemarketing

Google Remarketing can show ads to people who have already visited our website in the past. Within the Google ad network, advertisements tailored to their interests can be displayed on our site. Standard Contractual Clauses
Google Tag ManagerGoogle Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USATag Management

With the Google Tag Manager, the here mentioned Trackers are flexibly turned on / off.

OptOut Google Tag Manager

YesEU Standard Contractual Clauses
Facebook PixelFacebook Inc., 1601 S. Califor-nia Ave, Palo Alto, CA 94304, USAWeb Analytics & Remarketing

Each time you visit our website that has such a component, this component causes the browser you are using to download a corresponding representation of the Facebook component. Through this process, Facebook is informed about which specific page of our website is being visited by you.
If you visit our site and are logged in to Facebook, Facebook recognizes through the information collected by the component, which specific page you visit and assigns this information to your personal account on Facebook.

OptOut FacebookYesEU Standard Contractual Clauses
Facebook Custom AudiencesFacebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USARemarketing & Social Media Analyse

We use personal contact information from you to find you on Facebook about so-called Custom Audiences.

OptOut FacebookYesEU Standard Contractual Clauses
LinkedIn-Komponenten / Linkedin-PixelLinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USARemarketing & Social Media Analyse

Each time you access our website that is equipped with such a component, this component causes the browser you are using to download a corresponding representation of the component from LinkedIn. This process informs LinkedIn which specific page of our website is being visited. As a result, LinkedIn is able to associate your visit to our sites with your LinkedIn user account.

OptOut LinkedInYesEU Standard Contractual Clauses
MyFonts CounterMyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USAMyFonts obliges wdp GmbH to use the MyFonts Counter to properly account for the calculation of annual license fees for the use of protected fonts on To prevent the execution of Java Script code from MyFonts altogether, you can install a Java Script Blocker (for example, Further information on data protection at MyFonts can be found at the following link: Standard Contractual Clauses
HotjarHotjar Ltd
Level 2, St Julians Business Centre
3, Elia Zammit Street
St Julians STJ 3155, Malta, Europe
We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices (in particular device’s IP address (captured and stored only in anonymized form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), preferred language used to display our website). Hotjar stores this information in a pseudonymized user profile. Neither Hotjar nor we will ever use this information to identify individual users or to match it with further data on an individual user. For further details, please see Hotjar’s privacy policy on Standard Contractual Clauses
Lead ForensicsLondon
4 Old Park Lane
London W1K 1QW
This website uses Lead Forensics (, an IP address-based web analytics service to optimize the website and analyse our Internet content, advertising and lead generation. Lead Forensics works on the basis of reverse-business IP tracking, which is not identical to cookies. Instead, it uses a code that tracks the IP addresses that visit our Web site, identifies them as business-related, and matches them to a wholly-owned global database of business and business information. The software is designed exclusively to use business-related information to effectively match a business IP address with broader business data to provide us with valuable business-related visitor information. such as the date and duration of the user’s visit and the web pages visited by the user. We may use this information to contact the company about their experiences or for marketing purposes. We will not pass this information on to third parties for any reason. In addition, Lead Forensics does not identify personal IP addresses, mobile devices, or other data other than those associated with the company. There is no individual, personal or sensitive information about who visited our website.

2.2.5 Cookies

2.3 Newsletter

This happens to your personal data in connection with a subscription to our newsletter:

2.3.1 Information about processing

Data CategoryPurposeLegal basisLegitimate interestStorage period
E-mail-addressVerification of the application (double-opt-in procedure), sending of the newsletterConsent (Art. 6 para. 1a DSGVO)Duration of the newsletter subscription
Personal master dataPersonalization of the newsletterConsent (Art. 6 para. 1a DSGVO)Duration of the newsletter subscription
Registration/deregistration dataTraceability of newsletter registration/confirmation/deregistrationProtection of legitimate interests (Art. 6 para. 1f DSGVO)Proof of successful newsletter registration/confirmation/deregistrationDuration of the newsletter subscription (unsubscription data unlimited to fulfill accountability obligations)
User profile data NewsletterInterest-oriented design of the newsletterProtection of legitimate interests (Art. 6 para. 1f DSGVO)Improvement of our service, advertising purposesDuration of the newsletter subscription

2.3.2 Recipients of personal data

Recipient categoryData concernedLegal basis of the transfer
Service provider for newsletter distributionall data mentioned under 2.3.1order processing (Art. 28 DSGVO)

2.4 Application

In an ongoing application process, we process your personal data in the following ways:

2.4.1 Information about processing

Data CategoryPurposeLegal basisLegitimate interestStorage period
Address data, contact detailsIdentification, establishment of contact, communication for the initiation of a contractContract (Art. 6 para. 1b DSGVO)Necessity for contact as well as matching of application documents6 months
Personal master dataIdentification, establishment of contact, age verification Contract (Art. 6 para. 1b DSGVO)Necessity for contact as well as matching of application documents6 months
Application dataApplicant selectionContract (Art. 6 para. 1b DSGVO)Necessity for objective selection6 months

2.4.2 Recipients of personal data

Recipient categoryData concernedLegal basis of the transfer
Cloud storage service

Egnyte Inc.
1350 W. Middlefield Road
Mountain View, CA 94043

all data cited under 2.4.1, encrypted filedOrder processing (Art. 28 DSGVO) and EU Standard Contractual Clauses
Online Task Management

Asana Inc.
1550 Bryant Street, 8th Floor
San Francisco, CA 94103

all data cited under 2.4.1Order processing (Art. 28 DSGVO) and EU Standard Contractual Clauses

2.4.3 Data submitted to third countries

RecipientData categoriesAppropriateness decision (Article 45 DSGVO)Suitable guarantees (Art. 46 DSGVO)
Asana Inc.
1550 Bryant Street, 8th Floor
San Francisco, CA 94103
all data cited under 2.4.1EU Standard Contractual Clauses and encrypted storage of data

3. Rights of data subjects

3.1 Right to object

You have the right to object, at any time, for reasons arising from your particular situation, with future effect, to the processing of personal data concerning you that is carried out pursuant to Article 6, paragraph 1, letters e) or f) DSGVO, including profiling based on these provisions.

You can exercise the right to object free of charge.

3.2 Right to information

You have the right to know whether personal data concerning you is processed, which personal data this may be, and further information in accordance with Art. 15 DSGVO.

3.3 Right of rectification

You have the right to demand that we correct your incorrect personal data without delay (Art. 16 DSGVO). Taking into account the purposes of processing, you have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

3.4 Right to deletion (“right to be forgotten”)

You have the right to demand that personal data relating to you be deleted immediately if one of the reasons stated in Art. 17 (1) DSGVO is applicable and the processing is not for one of the purposes set out in Art. 17 (3) DSGVO is required.

3.5 Right to restriction of processing

You are entitled to demand a restriction on the processing of your personal data if one of the conditions laid down in Art. 18 (1) (a) to (d) DSGVO is met.

3.6 Right to Data Portability

You have the right to receive personally identifiable information that you provided us in a structured, common and machine-readable format. Furthermore, you have the right to transmit this data to another person responsible without hindrance or to obtain that a direct transmission takes place by us, if this is technically possible. This should always apply if the basis of the data processing is the consent or a contract and the data is processed automatically. Accordingly, this does not apply to data held in paper form only.

3.7 Right to withdrawal after consent

If the processing is based on your consent, you have the right to withdraw your consent at any time. The legality of the processing on the basis of the consent up to the time the withdrawal was declared is not affected.

3.8 Right of appeal

You have the right of appeal to a supervisory authority.

4. Glossary

A natural or legal person, agency, institution or other body that processes personal data on behalf of the controller.

Computer program for displaying web pages (e.g., Chrome, Firefox, Safari)

In the context of the World Wide Web, a cookie describes a small text file that is stored locally on the computer of the user when visiting a website. This file stores data about the behavior of the user. When the browser is called up and the corresponding website is visited repeatedly, the cookie is used and uses the stored data to provide the web server with information about the surfing behavior of the user.

In this context, “cookies” are not edible cookies, but information that a website stores locally on a visitor’s computer in a small text file. This can be settings already made by the user on a page, but also information that the website has gathered completely independently from the user. Later, these locally stored text files can then be read out again by the same web server from which they were created. Most browsers accept cookies automatically. You can manage cookies using the browser features (usually under “Options” or “Preferences”). This may disable the storage of cookies, be made dependent on your approval in individual cases or otherwise restricted. You can also delete cookies at any time.

Third countries:
Country that is not bound by the legal requirements of the EU Data Protection Directive (non-EEA country)

Personal data:
Any information relating to an identified or identifiable natural person. A natural person is considered as identifiable, which can be identified directly or indirectly, in particular by association with an identifier such as a name, an identification number, location data, an online identifier or one or more special features, the expression of the physical , physiological, genetic, mental, economic, cultural or social identity of this natural person.

Pixels are also called counting pixels, tracking pixels, web beacons or web bugs. These are small, invisible graphics in HTML emails or on web pages. When a document is opened, this small image is downloaded from a server on the Internet, where the download is registered there. This allows the operator of the server to see if and when an e-mail has been opened or a website has been visited. This function is usually realized by calling a small program (Javascript). This will allow certain types of information to be detected and shared on your computer system, such as the content of cookies, the time and date of the page view, and a description of the page on which the pixel is located.

Any type of automated processing of personal data, which consists in using that personal data to evaluate certain personal aspects relating to a natural person, in particular aspects relating to work performance, economic situation, health, personal preferences, interests To analyze or predict the reliability, behavior, location or change of location of this natural person

The collection of data and their evaluation regarding the behavior of visitors to our services.

Tracking can be done either via the activity logs (log files) stored on our web servers or by collecting data from your device via pixels, cookies and similar tracking technologies.

Any process or series of operations related to personal information, such as collection, collection, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure, performed with or without the aid of automated procedures by submitting, distributing or otherwise providing, adjusting, linking, limiting, erasing or destroying.