
Privacy Policy
1. Data Protection at a Glance
General Information
We take the protection of personal data seriously. Personal data is any information that can be used to identify you directly or indirectly, such as name, address, email address, payment data, customer number, IP address or usage data. This privacy policy explains what data we process when you visit our website, use our online shop, top up credit or membership cards, or contact us.
Who is responsible?
The w&w immo GmbH is responsible for data processing. Contact details can be found in the section "Data Controller".
How do we collect your data?
On the one hand, data is collected when you provide it to us, for example when placing an order, registering, topping up credit, submitting a contact enquiry or making a payment. On the other hand, technical data is automatically processed when you visit the website, such as IP address, browser type, operating system, time of access and pages viewed.
What do we use your data for?
We use data to provide the website, process orders and online payments, manage customer credit and membership cards, communicate with customers, fulfil legal obligations, and ensure the security and optimisation of our offering.
Your Rights
Under the GDPR, you have in particular the right to access, rectification, erasure, restriction of processing, data portability, objection to certain processing activities and withdrawal of consent given. You also have the right to lodge a complaint with a data protection supervisory authority.
2. Data Controller
w&w immo GmbH
Schmiedingerweg 4
5722 Niedernsill
Austria
Email: office@wuw.immo
The data controller is the natural or legal person who alone or jointly with others determines the purposes and means of processing personal data.
3. Legal Bases for Processing
We process personal data on the basis of the following provisions of the General Data Protection Regulation (GDPR):
- Art. 6(1)(a) GDPR: consent, e.g. for optional cookies, newsletters or certain marketing services
- Art. 6(1)(b) GDPR: performance of a contract or pre-contractual measures, e.g. shop orders, credit top-ups, customer accounts, payment processing
- Art. 6(1)(c) GDPR: compliance with legal obligations, e.g. tax and commercial retention obligations
- Art. 6(1)(f) GDPR: legitimate interest, e.g. secure and stable website, abuse prevention, IT security, handling general enquiries
Where information is stored on or read from end devices (e.g. cookies), this is done for technically necessary services on the basis of legitimate interest or the necessity of the service. Optional cookies and similar technologies are only used after consent has been given.
4. Data Subject Rights
Access, Rectification and Erasure
You have the right to obtain information about the personal data stored by us. You may also request the correction of inaccurate data and the erasure of your data, provided no statutory retention obligations or overriding legitimate grounds prevent this.
Restriction of Processing
Under the statutory conditions, you may request that the processing of your personal data be restricted, for example while the accuracy of the data is being verified or while an objection is pending.
Data Portability
Where data is processed automatically on the basis of your consent or for the performance of a contract, you may request to receive this data in a commonly used, machine-readable format or to have it transferred to another controller, where technically feasible.
Withdrawal of Consent
Consent given may be withdrawn at any time with effect for the future. The lawfulness of processing carried out until withdrawal remains unaffected.
Right to Object
Where processing is based on Art. 6(1)(e) or (f) GDPR, you may object at any time for reasons arising from your particular situation. Where personal data is processed for direct marketing, you may object at any time.
Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. In Austria, this is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, www.dsb.gv.at.
5. Security and Encryption
Our website uses SSL or TLS encryption. You can recognise an encrypted connection by "https://" and the padlock symbol in the browser bar. This protects data you transmit to us from being read by third parties. Please note that data transmissions over the internet may nevertheless involve security risks.
6. Hosting, Server Log Files and Technical Provision
Hosting
Our website is hosted by a technical service provider. The hosting provider processes the data required for the secure and stable operation of the website. Contracts pursuant to Art. 28 GDPR are concluded with processors where necessary.
Server Log Files
When visiting the website, technical information is automatically processed, in particular browser type and version, operating system, referrer URL, hostname or IP address of the accessing device, time of the server request and pages accessed. This processing is carried out for the technical provision, stability, security and error analysis of the website on the basis of Art. 6(1)(f) GDPR. Server log files are stored only as long as necessary for these purposes, unless longer storage is required to investigate abuse or security incidents.
7. Cookies and Consent Management
Our website may use cookies and similar technologies. Technically necessary cookies serve to provide basic functions, such as shopping cart, login, secure payment processing or storage of your privacy settings. Optional cookies, for example for statistics, marketing or external media, are only set if you have previously consented.
You can change or withdraw your consent at any time via the cookie or consent tool used on the website. You can also delete or block cookies via your browser settings. Disabling certain cookies may limit website functionality.
8. Contact
Contact by Email or Phone
When you contact us by email or phone, we process your details, in particular name, contact details, content of the enquiry and, where applicable, contract or customer data, to handle your request. The legal basis is Art. 6(1)(b) GDPR if the enquiry relates to a contract or pre-contractual measures, otherwise Art. 6(1)(f) GDPR.
Contact Form
If a contact form is offered on the website, the data entered there is processed to handle the enquiry. Mandatory fields are required to assign and respond to the enquiry. The data is deleted once the purpose no longer applies, unless statutory retention obligations prevent this.
9. Customer Account, Membership Cards and Credit
When you create a customer account, register a membership card or top up credit online, we process the data required for this. This may include in particular name, email address, customer number, card number, transaction data, credit balance, top-up amount, payment status, billing data, IP address and times of use.
Processing is carried out to provide and manage the customer account, assign and top up credit, process services at the car wash, handle payments and invoicing, and prevent abuse and fraud. The legal basis is Art. 6(1)(b) GDPR. Where data must be retained for legal reasons, processing is additionally based on Art. 6(1)(c) GDPR.
10. Online Shop and Payment Processing
Order and Contract Data
For orders in the online shop and credit top-ups, we process the data required to perform the contract, in particular contact details, order data, billing data, payment status, technical transaction data and, where applicable, customer numbers or card data. The legal basis is Art. 6(1)(b) GDPR.
Payment Providers
External payment service providers may be used for payment processing. Depending on the payment method selected, payment data, transaction data, billing data and technical information are transmitted to the respective payment service provider. Processing is carried out for contract performance and payment processing pursuant to Art. 6(1)(b) GDPR and for compliance with legal obligations pursuant to Art. 6(1)(c) GDPR. Payment providers partly process data in their own responsibility.
Notice on Specification
The specific payment providers used (e.g. Stripe, PayPal, Klarna, credit card, instant bank transfer or bank transfer) must be added on the website according to the actual technical implementation. If credit card or wallet payments are offered, the privacy information of the respective payment service provider also applies.
11. Invoices, Accounting and Statutory Retention
Data from orders, payments, invoices and business relationships is processed to fulfil tax, commercial and accounting obligations. The legal basis is Art. 6(1)(c) GDPR. Statutory retention obligations may in particular be seven years or longer, where required for legal enforcement or by law.
12. External Services, Maps and Media
Google Maps or Similar Map Services
If maps or location services are embedded on the website, personal data such as IP address and technical usage data may be transmitted to the respective provider when the service is loaded. Such services are loaded only after your consent, unless technically mandatory. The legal basis is Art. 6(1)(a) GDPR.
Fonts, Videos and External Media
External fonts, videos or embedded content may cause providers such as Google, YouTube, Vimeo or other third parties to process technical data. Where possible, fonts are hosted locally. External media is only used where necessary for display or where you have consented.
Google reCAPTCHA or Similar Protection Services
Security services such as reCAPTCHA or similar solutions may be used to protect forms and online offerings from spam, abuse and automated attacks. IP address, technical usage data and interaction data may be processed. The legal basis is Art. 6(1)(f) GDPR or your consent pursuant to Art. 6(1)(a) GDPR, depending on the implementation.
13. Analytics, Statistics and Marketing
Our website may use analytics and marketing services to measure reach, usage and effectiveness of offerings. Such services are only used where a corresponding legal basis exists. Non-essential analytics and marketing services are generally activated only after your consent.
Possible providers include Google Analytics, Meta Pixel or similar services. Information such as IP address, page views, click behaviour, device information, referrer and cookie identifiers may be processed. The specific list of services used must match the cookie or consent tool on the website.
14. Newsletter and Direct Marketing
If you subscribe to a newsletter, we use your email address exclusively to send the newsletter and related records. Registration takes place only with your consent pursuant to Art. 6(1)(a) GDPR. You can unsubscribe from the newsletter at any time via the unsubscribe link or by email.
Existing customers may receive information about similar own services to the extent permitted by law. You may object to such use at any time.
15. Social Media and External Profiles
We may operate profiles on social networks, such as Facebook or Instagram. When visiting these platforms, the respective provider processes personal data independently or jointly with us. We have only limited influence over the data processing of platform operators. Information on this can be found in the privacy notices of the respective platform.
When you communicate with us via social media, we process your messages, profile information and interaction data to handle the enquiry and communicate with you. The legal basis is Art. 6(1)(f) GDPR or, for contract-related enquiries, Art. 6(1)(b) GDPR.
16. Data Disclosure and Processors
Personal data is disclosed only where necessary for contract performance, payment processing, technical provision, compliance with legal obligations, enforcement of legal claims or on the basis of your consent. Recipients may include IT and hosting service providers, payment service providers, tax advisors, accounting, banks, technical operators of the membership card/credit system and authorities.
Where service providers process personal data on our behalf, we conclude data processing agreements pursuant to Art. 28 GDPR.
17. Data Transfers to Third Countries
Some providers may process data outside the European Union or the European Economic Area. Such transfers take place only where the statutory requirements are met, for example through an adequacy decision of the EU Commission, appropriate safeguards such as EU standard contractual clauses or your explicit consent.
18. Storage Period
We store personal data only as long as necessary for the respective purpose or as required by statutory retention obligations. Data from contract, payment and invoicing processes is stored in accordance with statutory periods under tax and commercial law. Technical log data is generally stored only for a short period, unless longer storage is required for security or legal enforcement. Data from contact enquiries is deleted once the enquiry has been handled and no retention obligations prevent this.
19. Objection to Advertising Emails
We object to the use of contact data published in the imprint and this privacy policy for the transmission of unsolicited advertising. We reserve the right to take legal action in the event of unsolicited advertising, in particular spam emails.
20. Changes to this Privacy Policy
We reserve the right to amend this privacy policy when the legal situation, technical processes or our online offering change. The version published on the website applies.