Privacy Policy of Willms Fleisch GmbH

1. Introduction

We are very pleased about your interest in our company.

Personal data is any information that relates to an identified or identifiable person. Even pseudonymous data that we cannot assign to you directly, e.g. via a name or an e-mail address, is personal data.

Since the protection of your personal data is very important to us, we inform you in this privacy policy about the nature, scope, purpose of the personal data processed by us and the rights as a data subject.

At the end of the privacy policy, you will find under the item definitions the various explanations of the terminology.

Responsible for the processing of personal data is:

Willms Fleisch GmbH
Felderhofer Bridge 15
53809 Ruppichteroth

Telephone +49 (0) 22 95 92 09 -0
Fax +49 (0) 22 95 22 75

The external company data protection officer is:

dokuworks GmbH

Mr. Markus Weber
Birlenbacher Str. 20
57078 Siegen

Phone: +49 271 77237-60

If you have any questions or suggestions on the subject of data protection, please feel free to contact us as the person responsible or our data protection officer at any time.

2. Data subject rights

You may assert the following rights with respect to your personal data against us:

  • Right to information (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR) or deletion (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing (Art. 21 GDPR)

If you submit a request for information to us, we will inform you whether and which data we have collected from you in accordance with data protection law. It is our endeavor to always ensure an up-to-date and error-free data collection. If, however, incorrect information has been recorded, we will correct it immediately following a corresponding request.

To do this, please send us a request to:

In addition to exercising your rights against us, you also have the right to file a complaint with a supervisory authority if you suspect a breach of data protection law (Art. 77 DSGVO).

3. Data protection notice for business partners

We are pleased that you are interested in Willms Fleisch GmbH and that you are contacting us.

The protection of your data is very important to us. With the data protection notice, we provide you with the following information in accordance with Art. 13 DSGVO on the processing of your personal data in connection with our business relationship.

Further information about our company, details of the persons authorized to represent us and further contact options can be found at

What data do we process and for what purposes?

We only process personal data that we have received from you or, if applicable, from publicly accessible sources in the course of our business relationship.

Personal data in the sense of Art. 4 No. 1 DSGVO can be: Names, telecommunication data and address data. In addition, we also process offer, inquiry and order data, data from the fulfillment of our contractual obligations, product data, documentation data, as well as other data comparable with the aforementioned categories.

The provision of your personal data is necessary for the initiation, implementation and processing of the contractual relationship. If it is not provided, it is unfortunately not possible for us to contact you to clarify the pre-contractual or contractual issues.

On what legal basis is the processing of your personal data based?

Your personal data is processed in accordance with the legal provisions of the DSGVO and the Federal Data Protection Act for the fulfillment of contractual obligations or for measures to initiate contracts (Art. 6 para. 1 p. 1 lit. b DSGVO). Furthermore, we may use this data for additional purposes within the scope of our business relationship.

How long is the data stored?

We process and store your personal data for the duration of our business relationship and at least in accordance with the statutory retention periods such as the German Commercial Code or the German Fiscal Code.

To whom is the data passed on and where is it processed?

We use the personal data only for our own purposes in the course of the business relationship. We would like to point out that we generally assume that our e-mail correspondence is business-related and therefore forward e-mails to your representatives in the absence of employees for better service.

4. Applicant management

The controller collects and processes the personal data of applicants for the purpose of managing the application process. The processing may also be carried out electronically. This is the case, in particular, if an applicant submits relevant application documents to the controller by electronic means, for example, by e-mail or via a web form located on the website. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions.

The legal basis for this processing is Section 26 (1) sentence 1 BDSG in conjunction with Article 88 (1) GDPR.

If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted six months after notification of the rejection decision, provided that no other legitimate interests of the controller conflict with such deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act.

In this case, the legal basis is Art. 6 Para. 1 lit. f GDPR and § 24 Para. 1 No. 2 BDSG. Our legitimate interest lies in the legal defense or enforcement.

If you expressly consent to a longer storage of your data, e.g. for your inclusion in a database of applicants or interested parties, the data will be processed on the basis of your consent. The legal basis is then Art. 6 para. 1 lit. a GDPR. However, you can of course revoke your consent at any time in accordance with Art. 7 (3) GDPR by declaration to us with effect for the future.

5. data protection when visiting our website

Nature and purpose of processing:

When you access our website, i.e., when you do not register or otherwise submit information, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like.

In particular, they are processed for the following purposes:

  • Ensuring a smooth connection setup of the website,
  • Ensuring a smooth use of our website,
  • evaluating system security and stability, and
  • to optimize our website.

We do not use your data to draw conclusions about you personally. Information of this kind is statistically evaluated by us anonymously, if necessary, in order to optimize our website and the technology behind it.

Legal basis and legitimate interest:

The processing is carried out in accordance with Art. 6 (1) lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.


Recipients of the data may be technical service providers who act as order processors for the operation and maintenance of our website.

Storage period:

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for data used to provide the website, when the respective session has ended.

In the case of storage of data in log files, this is the case after 14 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are anonymized, so that an assignment of the calling client is no longer possible.

Provision prescribed or required:

The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website is not guaranteed. In addition, individual services and services may not be available or may be limited. For this reason, an objection is excluded.

6. Hosting

We host the contents of our website with the following provider:

Host Europe GmbH
c/o WeWork
Friesenplatz 4
50672 Cologne

by phone: +49 221 99999 301 
by telefax: +49 221 99999 350
by E-Mail:

For details, please refer to the provider's privacy policy:

The use of provider is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in the most reliable presentation of our website. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.

7. Use of analysis tools, tracking tools and cookies.

Cookies are small text files that are placed on your device and collect data that can later be read by a web server of the domain that placed the cookie.

Cookies and similar technologies are used on our website to provide a more user-friendly service to users of this website, to analyze the performance of our products and to fulfill other legitimate purposes.

The data subject can prevent the setting of cookies by our website at any time by means of an appropriate setting of the Internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an Internet browser or other software programs. This is possible in all common Internet browsers. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be fully usable.

The following types of cookies can be distinguished:

7.1 Technically necessary cookies

Technically necessary cookies are those that secure basic functions of the website and thus enable its operation. This is merely a matter of technical necessity, not economic aspects.

The legal basis is our legitimate interest in providing a functional website according to Art. 6 para. 1 lit. f GDPR or the fulfillment of a legal obligation according to Art. 6 para. 1 lit. c GDPR.

For the aforementioned purposes, we use the services of third parties listed below, who are responsible for the data processing taking place via their respective service in accordance with Art. 4 (7) GDPR. Further information on data processing by these providers and your rights as a data subject can be found in the privacy statements of the providers linked below:

  • Google Fonts (local hosting) (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)   

This site uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must establish a connection to our server. Your data is not passed on to Google in this way. The use of Google Web Fonts is in the legitimate interest of a uniform and appealing presentation of our online offers within the meaning of Art. 6 (1) lit. f GDPR.

If your browser does not support web fonts, a standard font will be loaded from your computer.

8. Contact

If you contact us (e.g. via contact form, chat or e-mail), we process your data to process the request and in the event that follow-up questions arise.

If the data processing is carried out for the implementation of pre-contractual measures, which are carried out on your request, or, if you are already our customer, for the implementation of the contract, the legal basis for this data processing is Art. 6 para. 1 p. 1 lit. b GDPR.

9. Storage period

Unless specifically stated, we store personal data only as long as necessary to fulfill the purposes pursued. In some cases, the legislator provides for the retention of personal data, such as in tax or commercial law. In these cases, we only continue to store the data for these legal purposes, but do not process it in any other way and delete it after the legal retention period has expired.

10. Definitions

The data protection declaration is based on the terms used by the European Directive and Ordinance Maker when issuing the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.

Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Data subject

Data subject means any identified or identifiable natural person whose personal data are processed by the controller.


Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.


Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.


Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.

Controller or person responsible for the processing

The controller or person responsible for processing is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.


Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.


Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

Third Party

Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.


Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

11. Transfer of data to third parties

We do not transfer your personal data to third parties for purposes other than those listed below. We will only pass on your personal data to third parties if:

  • you have given your express consent to do so in accordance with Art. 6 (1) p. 1 lit. a GDPR,
  • the disclosure is required under Art. 6 (1) p. 1 lit. f GDPR for the assertion, exercise or defense of legal claims and there is no reason to believe that you have an overriding legitimate interest in not disclosing your data,
  • in the event that there is a legal obligation for disclosure pursuant to Art. 6 (1) p. 1 lit. c GDPR, as well as
  • this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b GDPR for the processing of contractual relationships with you.

12. Data security

We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities.

Your personal data is transmitted encrypted with us. This applies to your orders and also to the customer login. We use the SSL (Secure Socket Layer) coding system, but we would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. A complete protection of data against access by third parties is not possible.

13. Topicality and change of this data protection explanation

This data protection declaration is currently valid and has the status July 2023. Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection declaration.