Privacy Policy
An overview of data protection. This Privacy Policy provides an overview of what happens to your personal data when you visit our website. "Personal data" means any information relating to an identified or identifiable natural person. For detailed information, please read the sections below.
1.Controller (who is responsible?)
The controller for data processing on this website is:
Wilhelm Solutions UG (haftungsbeschränkt) Universität des Saarlandes, Campus Starterzentrum, Gebäude A1 2, 66123 Saarbrücken, Germany
Phone: +49 151 15596423
E‑mail: cad@wilhelmsolutions.net
The controller is the natural or legal person who determines the purposes and means of processing personal data.
2.How do we collect your data?
You provide data to us (e.g., via contact forms or when registering an account).
Technical data are collected automatically when you access the website (e.g., browser type, operating system, time of access). This collection happens automatically when you visit the website.
3.What do we use your data for?
To provide and secure the website and our services.
To respond to inquiries and perform pre‑contractual/contractual measures where applicable.
To manage accounts and deliver the functionalities you request.
4.Your rights
You have the right to access, rectify, erase, or restrict processing of your personal data, the right to data portability, and the right to object to processing in certain cases.
If processing is based on consent, you may withdraw consent at any time with effect for the future.
You also have the right to lodge a complaint with a supervisory authority.
5.Hosting and Content Delivery Network (CDN)
We host our website and related services with providers that act on our instructions under a data processing agreement.
Amazon Web Services (AWS). Provider: Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg ("AWS"). When you visit our website, personal data may be processed on AWS servers. Transfers to third countries (e.g., the United States) may occur and are safeguarded by appropriate transfer mechanisms (e.g., EU Standard Contractual Clauses and/or the EU‑US Data Privacy Framework, where applicable).
Amazon CloudFront (CDN). We use Amazon CloudFront as a globally distributed content delivery network to improve availability and performance. In this context, technical data (e.g., IP address, request metadata) may be processed by AWS/CloudFront. Any third‑country transfers are safeguarded as above.
Legal basis. Use of hosting/CDN is based on our legitimate interests in reliable and secure provision of the website (Art. 6(1)(f) GDPR). Where consent is required for accessing/end‑device information under applicable law (e.g., § 25(1) TDDDG), we will obtain it.
Data processing agreement (DPA). We have concluded DPAs with the above providers to ensure processing only under our instructions and in compliance with GDPR.
6.General information and mandatory information
Data security; encryption. We apply appropriate technical and organizational measures to protect your data. Communication with the website uses HTTPS (TLS). If TLS is active, data transmitted to us cannot be read by third parties in transit.
Storage duration. Unless a more specific retention period is stated in this policy, we store personal data only as long as necessary for the purposes stated or as required by legal retention obligations. If you request deletion or withdraw consent, we will delete your data unless other legal bases require continued storage (e.g., tax/commercial retention). Deletion will occur after such obligations expire.
Legal bases for processing. Depending on the context, we rely on: • Art. 6(1)(a) GDPR – consent (you may withdraw at any time), • Art. 6(1)(b) GDPR – performance of a contract or pre‑contractual measures, • Art. 6(1)(c) GDPR – compliance with legal obligations, • Art. 6(1)(f) GDPR – legitimate interests (e.g., website security, responding to requests).
Recipients of personal data. We may share data with service providers (processors) that support our operations (e.g., hosting, form handling, scheduling). Sharing occurs on the basis of a DPA. In other cases, we share data only if permitted by law (e.g., to fulfill a contract or legal obligation) or with your consent. In case of joint processing, we conclude a joint‑controller agreement as required.
Right to object under Art. 21 GDPR. Where processing is based on Art. 6(1)(e) or (f) GDPR, you have the right to object on grounds relating to your particular situation. If you object, we will stop processing unless we demonstrate compelling legitimate grounds that override your interests, rights and freedoms, or the processing serves the establishment, exercise, or defense of legal claims. Where data are processed for direct marketing, you may object at any time; in that case, we will cease such processing.
Right to lodge a complaint. You may lodge a complaint with a supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement.
8.Contact form and inquiries
If you submit inquiries (e.g., via a contact form or email), we process the data you provide to handle your request and any follow‑up questions.
Legal basis: Art. 6(1)(b) GDPR if related to a contract or pre‑contractual steps; otherwise Art. 6(1)(f) GDPR (our legitimate interest in effectively processing requests). We retain inquiry data until your request is fully resolved and no legal obligations require longer storage.
9.Registration / account
If you register to use additional functions (e.g., customer account for our services), the data you provide are processed to set up and administer the account and provide the requested functionalities.
Legal basis: Art. 6(1)(b) GDPR. We store registration data for as long as the account exists and delete them when no longer required, subject to legal retention duties.
10.Integrated third‑party services used on the website
Heyflow (forms and funnels). Provider: Heyflow GmbH, Jungfernstieg 49, 20354 Hamburg, Germany. We use Heyflow to create interactive forms and funnels. Heyflow processes the data you enter (e.g., contact details, uploaded files) and may produce aggregated usage statistics to improve the flow. Legal basis: Art. 6(1)(b) GDPR (if used to initiate/perform contracts) and/or Art. 6(1)(f) GDPR. We have a DPA in place with Heyflow.
Google Fonts. To ensure uniform font display, the website may use Google Fonts. When a page is accessed, the required fonts may be requested from Google servers, which can process your IP address for this purpose. Legal basis: Art. 6(1)(f) GDPR (legitimate interest in a uniform, efficient presentation). If you prefer, we may alternatively self‑host fonts to avoid external requests.
Microsoft Teams (meetings with customers). Provider: Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. If we invite you to online meetings, Microsoft processes the metadata and content required to provide the service. Any third‑country transfers are safeguarded by appropriate mechanisms. Legal basis: Art. 6(1)(b) GDPR (contract/pre‑contract communication) and/or Art. 6(1)(f) GDPR. Microsoft's privacy statement applies for its own processing.
Note on services not used. We do not use Google Analytics or other analytical/advertising tracking tools. We also do not operate public comment functions or send newsletters unless explicitly stated during collection.
11.Data processing for contracts initiated or concluded via the website
If contracts can be concluded or initiated via the website, we process the transmitted data for preparing offers, orders, and related communications.
Legal basis: Art. 6(1)(b) GDPR. This aligns with our Terms and Conditions for B2B services.
12.International data transfers
Where processing involves transfer of personal data to recipients outside the EU/EEA (e.g., to the United States), we implement appropriate safeguards (e.g., EU Standard Contractual Clauses and/or participation in the EU‑US Data Privacy Framework, where applicable). Copies of relevant safeguards can be requested using the contact details above.
13.Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services or legal requirements. The effective date is the date of publication on this page.
14.Effective date
Effective date: 2025‑09‑03