Privacy policy of WIVW GmbH Version 30.09.2025

1. Subject of this privacy policy

Due to the sensitivity and need for protection of personal data (hereinafter "data"), WIVW GmbH (hereinafter also "controller", "we", "us") is committed to protecting the individuals whose data is processed (i.e., "you", "your"), as well as the data itself. To this end, we comply with the legal provisions of the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to us.
In the following, we will inform you whether and what data we store about you and how and for what purpose we process your data. We also inform you about the initial transmission and the type of data transmitted, as well as the protective measures taken.
Data protection information regarding the use of MS Teams is not part of this privacy policy. Further information can be found here.
As the privacy policy is based on the terminology of the GDPR, but should be easy to read and understand for everyone, we would first like to explain some important terms.

• PERSONAL DATA (Art. 1 No. 4 GDPR) is all information with which we can identify you as a person. This can be data that allows us to identify you directly (e.g. your name) or data that allows us to identify you indirectly (e.g. by assigning an IP address).
• PROCESSING(Art. 4 No. 2 GDPR) is any operation that is carried out in connection with the data. This can be, for example, the collection of data, storage or deletion.
• CONSENT (Art. 4 No. 11 GDPR) is the expression of your will (declaration, clearly confirming action) with which you indicate that you consent to the processing of your data.
• (FOR PROCESSING) CONTROLLER (Art. 4 No. 7 GDPR) is the natural or legal person who decides how and for what purpose data is processed.
• THIRD PARTY (Art. 4 No. 10 GDPR) is any natural or legal person or body other than you or us or other persons who are authorized to process personal data under our direct responsibility.

2. Responsible body

The controller within the meaning of the GDPR, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

Würzburg Institute for Traffic Sciences (WIVW GmbH)
Robert-Bosch-Straße 4
97209 Veitshöchheim
Phone: +49-931-78009-0
Fax: +49-931-78009-150
Email: info@wivw.de

Legally represented by: Alexandra Neukum (Managing director).

3. Data protection officer

If you have any questions or suggestions regarding data protection at WIVW GmbH, you can contact our data protection officer at any time:

Dr. Marcus Schmitz
Würzburg Institute for Traffic Sciences (WIVW GmbH)
Robert-Bosch-Straße 4
97209 Veitshöchheim
Email: datenschutz@wivw.de

4. Collection and use of data

The scope and type of collection/use of your data differs depending on whether you visit our website only to retrieve information or to make use of services offered by us.

4.1 Accessing information

If you only wish to retrieve information from our website, it is generally not necessary for you to provide personal data. Rather, in this case we only collect and use the data that your Internet browser automatically transmits to us and that is stored in the server log files. The following are recorded:

• Date and time of access to one of our web pages
• your browser type
• the browser settings
• the operating system used
• the last and current page you visited
• the amount of data transferred and the access status (file transferred, file not found, etc.)
• your IP address.

This usage data is stored separately from any other data you may provide to us. There is no linking of the usage data with your other data and no conclusions are drawn about your person. The usage data is generally required for accessing the website. Beyond this, we only use the data to optimize our website with the help of anonymized, statistical evaluations. For reasons of technical security, i.e., to defend against attempted attacks on the web server, as well as due to the legal obligation to provide law enforcement authorities with the data necessary for prosecution in the event of an attack, your usage data is stored by us for a short period of time, for a maximum of 7 days. Our legitimate interest in data processing also lies in these purposes. The legal basis for the processing is therefore Art. 6 para. 1 lit. f) GDPR.

4.2 Making contact

To contact us, you can call us, send a fax, or write an email. When you contact us, your data will be forwarded to the person responsible for answering your request within WIVW GmbH, depending on the content of your request. We will then inform you. Your data will only be processed to answer your request. Your data will not be passed on to third parties unless there is a legal obligation to do so or the transfer serves the purpose of criminal or legal prosecution. Depending on your request, your data will be stored or deleted. Depending on the content of your request, the legal basis for processing is Art. 6 (1) (b) or Art. 6 (1) (f) GDPR.

4.3 Customer area

If you are a customer of WIVW GmbH, you can obtain access to the customer area in consultation with us. This can be set up in order to provide you with certain information or services as part of a contractual agreement. When you visit the customer area, in addition to the above-mentioned data for the use of the homepage, the time of registration, your IP address and the content accessed are logged. This provides us with information as to whether the contractually agreed service has been used. The log files are deleted at the end of the contractual relationship. Your data will not be passed on to third parties unless there is a legal obligation to pass it on or the passing on serves the purpose of criminal or legal prosecution. The legal basis for this data processing is Art. 6 para. 1 lit. b) GDPR.

5. Further information

The data you provide to us will not be shared with third parties, except in the exceptional cases mentioned above. We process data exclusively on servers within the European Union. We do not use web analysis services on our websites.

6. Data security

We use technical and organizational security measures to protect personal data that is generated or collected, in particular against manipulation, loss or unauthorized access. Our security measures are continuously adapted in line with technological developments. Unfortunately, Internet-based data transmissions can still have security gaps, meaning that absolute protection cannot be guaranteed. However, you have the option of transmitting your data to us by alternative means, such as by phone or in person.

7. Your rights

Under the GDPR, you are granted the following rights in connection with your data. To exercise your rights, you can contact our data protection officer or another employee at any time.

7.1 Right to information

You have the right to receive information and confirmation from us at any time free of charge about the personal data stored about you. This information includes, for example, information about whether we process any of your data and, if so, what type of data, for what purpose the data is processed, who any recipients of the data are and how long the data is stored (Art. 15 GDPR). If you make a request for information, we ask for your understanding that we may then require proof from you that you are the person you claim to be.

7.2 Right to rectification

If we process incorrect data about you, you have the right to request the correction of this data without delay (Art. 16 GDPR).

7.3 Right to erasure

In certain cases, you have the right to demand that we erase your data without undue delay, for example if it is no longer required for the purpose for which it was collected, if the statutory retention obligation has been fulfilled or if you withdraw your consent to processing (Art. 17 GDPR). The prerequisite for this is that further processing of your data is not necessary or required by law.

7.4 Right to restriction of processing

Under certain conditions, you have the right to demand that we restrict the processing of your data if deletion is not possible or the obligation to delete is disputed (Art. 18 GDPR).

7.5 Right to data portability

You have the right to receive the data concerning you that you have provided to us in a structured, commonly used and machine-readable format (Art. 20 GDPR).

7.6 Right to withdraw your consent under data protection law

You have the right to withdraw your consent to the processing of your data at any time. However, any processing that took place before you withdrew your consent remains valid (Art. 7 para. 3 GDPR).

7.7 Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of data concerning you which is based on point (e) or (f) of Article 6(1) GDPR (Article 21(1) GDPR). In this case, we will no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims. If we process your data for the purpose of direct marketing, you have the right to object to this type of processing at any time. You also have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out for scientific or statistical research purposes in accordance with Art. 89 para. 1 GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

7.8 Right to lodge a complaint with the supervisory authority

If we cannot help you satisfactorily and you are of the opinion that we are not processing your data in accordance with data protection regulations, you have the right to lodge a complaint with a supervisory authority.

8. Changes to the data protection information

We will revise this privacy policy whenever changes are made to our website or for other reasons that make this necessary. You will always find the most current version here on this website.