top of page

Privacy Policy Data Protection Guidelines

Effective date: March 2026

This Privacy Policy explains how WILDBACH Digital GmbH (“we”, “us”, “our”) processes personal data when you visit our website, contact us, or otherwise interact with us through our online presence.
We aim to process personal data transparently, proportionately, and only where a valid legal basis exists.

1. Controller

WILDBACH Digital GmbH
Zur Landwehr 2
D-33824 Werther (Westf.)
Germany
Phone: +49 521 80 06 98 32
Mobile: +49 171 426 77 78
Email: bach@wildbachdigital.de

Managing Director:
Stefan Bach

Data Protection Officer:
Stefan Bach

2. Scope of this Policy

This Privacy Policy applies to the processing of personal data on this website, including:

  • access to and use of the website,
  • communication via contact form, email, or telephone,
  • technical delivery and hosting of the website,
  • cookie and consent management,
  • optional embedded or third-party services, if activated.

3. Categories of Personal Data We Process

Depending on how you use this website, we may process the following categories of personal data:

  • identification data, such as your name,
  • contact data, such as your email address and telephone number,
  • organisation-related data, such as your institution, company, or role,
  • communication content, such as your enquiry or message,
  • technical usage data, such as IP address, browser type, operating system, referrer URL, date and time of access, and pages visited,
  • consent data, such as your cookie preferences and consent status.

4. Purposes of Processing

We process personal data for the following purposes:

  • to make the website technically available and secure,
  • to respond to enquiries and communicate with you,
  • to manage business communications and potential mandates,
  • to document and manage consent preferences,
  • to protect the integrity, security, and stability of the website,
  • to comply with legal obligations,
  • where applicable, to analyse website usage or provide optional embedded content, but only to the extent lawfully permitted and, where required, based on consent.

5. Legal Bases for Processing

We process personal data on one or more of the following legal bases:

  • your consent, Art. 6(1)(a) GDPR,
  • performance of a contract or steps prior to entering into a contract, Art. 6(1)(b) GDPR,
  • compliance with a legal obligation, Art. 6(1)(c) GDPR,
  • our legitimate interests, Art. 6(1)(f) GDPR, provided that your interests or fundamental rights and freedoms do not override those interests.

Where special categories of personal data are provided to us without being required, please do not send such information unless strictly necessary and legally justified.

6. Website Hosting and Technical Delivery

Our website is built and hosted using Wix. In order to make the website available, secure, and stable, technical data may be processed when you access the site. This may include server log information such as:

  • IP address,
  • date and time of access,
  • requested page or file,
  • browser and device information,
  • operating system,
  • referrer URL,
  • HTTP status information.

Such processing is necessary to provide the website, ensure security, prevent abuse, and maintain technical performance.

Legal basis:
Art. 6(1)(f) GDPR (legitimate interests in secure and reliable website operation) and, where applicable, Art. 6(1)(b) GDPR if your visit is connected to pre-contractual communication.

7. Contact Form, Email, and Telephone Enquiries

If you contact us via contact form, email, or telephone, we process the information you provide to handle your request and communicate with you. This may include:

  • name,
  • email address,
  • phone number,
  • institution or organisation,
  • role or function,
  • the content of your message,
  • any related follow-up information.

We process this data only to the extent necessary to respond to your enquiry, document business correspondence, and, where relevant, prepare or manage a business relationship.

Legal basis:
- Art. 6(1)(b) GDPR, where your request is related to a potential contract or mandate,
- Art. 6(1)(f) GDPR, for the efficient handling of general enquiries and business communications,
- Art. 6(1)(c) GDPR, where retention is required by law.

8. Cookies, Similar Technologies, and Consent Management

This website may use cookies and similar technologies.

Technically necessary cookies:
We may use cookies or comparable technologies that are necessary for the operation, security, and core functionality of the website. These do not require consent to the extent permitted by applicable law.

Non-essential cookies and tracking technologies:
If we use analytics, marketing, personalisation, embedded media, or similar non-essential technologies, these will only be activated after you have given valid consent, where required by law.

You can manage or withdraw your consent at any time through the cookie settings mechanism provided on the website.

Please note: Disabling certain technically necessary technologies may affect website functionality.

9. Consent Records

Where consent is required, we may store and document:

  • whether consent was given, refused, or withdrawn,
  • the date and time of the preference,
  • the consent configuration,
  • technical identifiers required to document the preference.

This processing is carried out to demonstrate compliance with legal consent requirements.

Legal basis:
Art. 6(1)(c) GDPR and Art. 6(1)(f) GDPR.

10. Recipients and Processors

We may share personal data with:

  • technical hosting and infrastructure providers,
  • website platform providers,
  • IT service providers,
  • professional advisers, where necessary,
  • public authorities or courts, where legally required.

We only share personal data where necessary and on an appropriate legal basis. Where third parties process data on our behalf, they act as processors under a data processing agreement where required by law.

11. International Data Transfers

Some service providers may process personal data outside the European Union or the European Economic Area. Where personal data is transferred to a third country, we will ensure that an adequate level of protection is in place, for example through:

  • an adequacy decision by the European Commission,
  • Standard Contractual Clauses,
  • or other lawful safeguards recognised under the GDPR.

12. Retention Periods

We retain personal data only for as long as necessary for the relevant purpose, including:

  • for the duration required to operate and secure the website,
  • for the handling of enquiries and related follow-up communication,
  • for the initiation, performance, or documentation of contractual relationships,
  • for compliance with statutory retention periods,
  • for the establishment, exercise, or defence of legal claims.

If no specific retention period is legally required, personal data will be deleted or anonymised once the relevant purpose no longer applies.

13. Your Rights Under Data Protection Law

Subject to the applicable legal requirements, you have the following rights:

  • the right of access,
  • the right to rectification,
  • the right to erasure,
  • the right to restriction of processing,
  • the right to data portability,
  • the right to object to processing,
  • the right to withdraw consent at any time with effect for the future.

The withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.

14. Right to Object

Where we process your personal data on the basis of legitimate interests under Art. 6(1)(f) GDPR, you have the right to object to such processing on grounds relating to your particular situation, subject to the applicable legal requirements.

If personal data is processed for direct marketing purposes, you have the right to object at any time to such processing.

15. Right to Lodge a Complaint

You also have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data violates applicable data protection law.

Competent supervisory authority for our company:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf
Germany
Phone: +49 (0)211 38424-0
Email: poststelle@ldi.nrw.de

You may also contact the supervisory authority in the Member State of your habitual residence, place of work, or the place of the alleged infringement.

16. No Obligation to Provide Data Unless Necessary

You are generally not legally required to provide personal data when visiting this website. However, certain information may be necessary if you wish to submit an enquiry, request information, or use specific website functions. If required information is not provided, we may be unable to process your request.

17. Automated Decision-Making

We do not use automated decision-making, including profiling, within the meaning of Art. 22 GDPR, unless this Privacy Policy is updated to state otherwise.

18. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or unauthorised access.

Please note, however, that internet-based data transmission may have security vulnerabilities, and absolute protection cannot be guaranteed.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time in order to reflect legal, technical, or operational changes. The current version published on this website shall apply.

20. Contact Regarding Data Protection

If you have questions about this Privacy Policy or wish to exercise your rights, please contact:
WILDBACH Digital GmbH
Zur Landwehr 2
D-33824 Werther (Westf.)
Germany
Email: bach@wildbachdigital.de
Phone: +49 521 80 06 98 32

21. Optional Sections to Add Only If Actually Used

Add the following sections only if the relevant tools are active on the website:

A. Web Analytics
If you use analytics tools, explain provider name, type of data collected, purpose, legal basis, whether consent is required, retention period, international transfers, and how users can withdraw consent.

B. Embedded Videos or Maps
If you embed YouTube, Vimeo, Google Maps, or similar services, explain provider, when data is transferred, legal basis, third-country transfer details, and how users can avoid activation.

C. Newsletter
If you offer a newsletter, explain what data is collected, double opt-in process, legal basis, tracking in newsletters, if any, unsubscribe process, and retention period.

D. Social Media Profiles or Plugins
If you link to or embed social networks, explain whether you only link externally or embed active plugins, what data may be transmitted, the legal basis, and third-country transfer information where relevant.

E. Applicant Data
If you later collect application data via the website, add a dedicated applicant privacy section.

22. Wix-Specific Completion Note

If the website remains on Wix, verify the final live setup and then update this Privacy Policy so that it accurately reflects: the actual Wix apps used, whether only essential cookies are active by default, whether a consent banner is installed, any custom code or third-party integrations, and any analytics, pixels, fonts, maps, or external embeds activated on the site.

bottom of page