Data protection

DR-WALTER is pleased about your interest in our company and our websites. The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data includes all data that can be used to personally identify you.

The controller within the meaning of Art. 4 No. 7 GDPR is the party who alone or jointly with others determines the purposes and means of the processing of personal data. 
The controller responsible for data processing on this website is: 

DR-WALTER GmbH
Eisenerzstraße 34
53819 Neunkirchen-Seelscheid
Germany 

T +49 2247 9194-0
F +49 2247 9194-40 

You can reach our Data Protection Officer in accordance with Art. 37 GDPR at:
[email protected] 

Whenever our website is accessed, our system automatically collects data and information that is technically necessary to provide the content of our website and to ensure system stability and security. 

In particular, the following data is collected: 

• Browser type and browser version
• Operating system used
• Hostname of the accessing device
• IP address
• Date and time of access
• Pages and resources accessed
• Referrer URL
• Notification of successful retrieval
• Amount of data transferred 

This data is stored in server log files. The processing of log file data is carried out exclusively to ensure the functioning, stability, and security of our information technology systems. We do not use the log file data to directly identify you. However, the IP address may still constitute personal data within the meaning of the GDPR. 

Purpose and legal basis of processing: 
Processing is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the technically error-free display of the website, ensuring system stability, and protecting against unauthorized access and cyberattacks. 

Log file data is deleted as soon as it is no longer necessary for the purpose for which it was collected, but no later than 60 days, unless required for security-related analysis. 

Cookies and comparable technologies are used on our website. Where these are technically necessary, processing is carried out based on Section 25(2) TDDDG and Art. 6(1)(f) GDPR. 

All non‑essential cookies and services (e.g., analytics or marketing tools) are used only after you provide explicit consent under Section 25(1) TDDDG in conjunction with Art. 6(1)(a) GDPR. 

Detailed information on the cookies and services used—including purpose, legal basis, storage duration, and any third‑country transfers—can be found in the sections below and in the cookie settings. 

For security reasons and to protect the transmission of confidential content, this website uses SSL/TLS encryption. You can recognize an encrypted connection by the change in the browser’s address line from “http://” to “https://” and by the lock icon in your browser bar. 

Encryption protects the confidentiality and integrity of the transmitted data (Art. 32 GDPR).

Provider: Consentmanager AB, Håltegelvägen 1b, 72348 Västerås, Sweden.
Website: https://www.consentmanager.net
Additional Information & Privacy: https://www.consentmanager.net/datenschutz/ 

Purpose and legal basis: 
We use the consent management tool from consentmanager.net to obtain, manage, and document legally required consent for cookies and comparable technologies. The specific cookies and services used are described in detail in the cookie settings. The tool is used to comply with legal obligations under Art. 6(1)(c) GDPR in conjunction with Section 25 TDDDG and Art. 7(1) GDPR (proof of consent). 

The following data may be processed when collecting and documenting your consent: 

• Consent status and selected settings
• Date and time of decision
• Pseudonymous consent ID
• Technical information (e.g., truncated IP address, browser and device details) 

Consent data is stored as long as required to fulfill legal proof obligations. Processing generally occurs within the European Union. If third‑country transfers occur, they are carried out in compliance with Art. 44 et seq. GDPR. 

You may change or withdraw your consent at any time with future effect via the cookie settings. 

We use Pipedrive OÜ (Mustamäe tee 3a, 10615 Tallinn, Estonia; “Pipedrive”) as a customer relationship management system (CRM) for structured management of customer and prospect data. 

Purposes of processing include: 

• Handling and responding to contact inquiries
• Management and documentation of customer relationships
• Contract initiation, review, and execution
• Organization of sales processes
• Support for existing customers and acquisition of new customers 

Data processed may include in particular: 

• Contact details (name, e‑mail address, phone number, company)
• Communication content
• Contract and offer details
• Health data
• Notes on business transactions 

Processing is based on Art. 6(1)(b) GDPR where necessary for pre‑contractual measures or contract execution, and on Art. 6(1)(f) GDPR for our legitimate interest in efficient business process organization, customer communication, and sales management. 

Where health data is collected or processed for insurance application assessment or premium calculation, processing occurs exclusively based on your explicit consent under Art. 9(2)(a) GDPR in conjunction with Art. 6(1)(a) GDPR. Consent may be withdrawn at any time with future effect. 

Personal data is transferred to and processed by Pipedrive OÜ as part of using Pipedrive. A data processing agreement under Art. 28 GDPR has been concluded. Pipedrive processes data strictly on instruction and in compliance with data protection requirements. 

Where Pipedrive processes personal data in third countries outside the EU/EEA (e.g., via group structures or technical subcontractors), this is conducted only in accordance with Art. 44 et seq. GDPR—particularly on the basis of EU Standard Contractual Clauses or other suitable safeguards. More information: 
https://www.pipedrive.com/en/privacy. 

We delete personal data once it is no longer necessary for the purpose of its collection and provided no legal or contractual retention requirements apply. This typically applies if no customer relationship is established or it ends.

Our website uses JavaScript to improve visual presentation, enable navigation between pages, and technically support operation of our online forms. 

JavaScript is provided exclusively on our local servers and executed on your device. No data is transferred to third parties in this context. 

Where technically necessary personal data (e.g., IP address, browser details, date and time of access) is processed, this is based on Art. 6(1)(f) GDPR. Our legitimate interest lies in the secure, stable, and functional operation of our website. 

Processing of personal data transmitted through our contact forms is conducted solely for the specified purpose and is described separately under “Contact Form”. 

If you contact us by e‑mail, telephone, fax, or contact form, your inquiry including all resulting personal data (name, inquiry) will be stored and processed to handle your request. We do not share this data without your consent. 

Processing is based on Art. 6(1)(b) GDPR where your inquiry relates to contractual matters or required pre‑contractual steps. In all other cases, processing is based on our legitimate interest in effective response management (Art. 6(1)(f) GDPR) or your consent (Art. 6(1)(a) GDPR), where obtained. 
Where health data is processed, this occurs solely based on explicit consent under Art. 9(2)(a) GDPR in conjunction with Art. 6(1)(a) GDPR. Consent may be withdrawn at any time. 

Data from contact inquiries is retained until you request deletion, withdraw consent, or the purpose for storage no longer applies (e.g., once your inquiry is completed). Mandatory statutory retention requirements remain unaffected. 

To ensure secure and efficient communication, we use Flixcheck GmbH for our online questionnaires. The Flixcheck widget enables secure transmission of contract documents and efficient handling of claims, withdrawal requests, and other inquiries. 
Legal basis: Art. 6(1)(b) GDPR. 

Where processing is not related to contract execution or initiation, the legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies in processing your inquiry and ensuring secure data transmission. 

Flixcheck GmbH processes personal data as a processor. More information: 
https://www.flixcheck.de/datenschutz/. 

Data Subject Rights 

Under the GDPR, data subjects have the following rights regarding the processing of their personal data: 

Right of Access, Art. 15 GDPR 

You have the right to obtain information about processed data, purposes, and recipients. Access may be denied in exceptional cases if overriding interests of third parties or statutory confidentiality obligations apply. 

Right to Rectification, Art. 16 GDPR 

You may request the correction of inaccurate or completion of incomplete personal data without delay. 

Right to Erasure, Art. 17 GDPR 

You may request the deletion of your personal data where the statutory requirements are met—for example, when processing is no longer necessary or consent has been withdrawn. 

If deletion is not possible due to statutory, organizational, or contractual retention requirements, or if deletion would disproportionately impair legitimate interests, processing will instead be restricted (“blocked”).
Data is also blocked if its accuracy is contested and cannot be verified. 

Right to Restriction of Processing, Art. 18 GDPR 

Restriction may be requested where prerequisites apply, e.g., when the accuracy of data is disputed or processing is unlawful. 

Right to Object, Art. 21 GDPR 

You may object at any time to processing of your personal data, particularly where processing is based on legitimate interests or used for direct marketing. 

Your consent and declaration of medical confidentiality may be withdrawn at any time with future effect. Processing prior to withdrawal remains lawful. 
If certain processing activities are contractually required, withdrawing consent may result in limitations in service delivery. 

Objections must be submitted to the controller listed above via mail, fax, or e‑mail, including your full name, contact information, and—if available—your insurance number. 

Exercising Data Subject Rights 

To exercise your rights, you may contact the company’s Data Protection Officer at any time by mail or e‑mail: 
DR-WALTER GmbH, Datenschutzbeauftragter, Eisenerzstraße 34, 53819 Neunkirchen‑Seelscheid 
or [email protected]. 
For security reasons, proof of identity may be required. 

Right to Lodge a Complaint with a Supervisory Authority, Art. 77 GDPR 

You have the right to file a complaint with a data protection supervisory authority, particularly in the EU member state of your habitual residence, workplace, or place of alleged infringement. 

The competent authority for us in Germany is: 

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein‑Westfalen 
Postfach 20 04 44
40102 Düsseldorf
Germany
E‑mail: [email protected] 

Transfer of Data to Third Countries 

Some service providers/recipients may process data in third countries. 
In such cases, we ensure an adequate level of data protection—for example through an EU Commission adequacy decision (including the EU–US Data Privacy Framework) or EU Standard Contractual Clauses (SCCs), and, where necessary, additional technical and organizational safeguards. 

Automated Decision‑Making / Profiling, Art. 22 GDPR 

No automated decision‑making, including profiling, takes place within the meaning of Art. 22 GDPR. 

Data Security 

We protect your personal data through a wide range of technical and organizational measures that comply with current standards and are regularly reviewed and improved. 
All employees are trained in data protection and the secure, responsible handling of customer data. 
All employees are bound by confidentiality and have signed relevant confidentiality and data protection commitments.

Our privacy policy (version 7 of 22 December 2021*) will regularly be adapted to the developments of privacy regulations and security technology.

You should inform us immediately if you feel that your property right is being violated by this website so that we can quickly help you or solve the problem.

Please feel free to contact us at any time for further information on data protection.

*History:
version 1 of 31 August 2012;
version 2 of 20 April 2016: references to the use of cookies, Google Analytics, Facebook plugins and Google Remarketing;
version 3 of 16 January 2017: references to the use of remarketing and conversion tracking;
version 4 of 16 May 2018: General Data Protection Regulation (GDPR);
version 5 of 12 November 2020: Updated list of service providers;
version 6 of 2 June 2021: Updated list of service providers;
version 7 of 22 December 2021: Updated list of service providers.
version 8 of 9 June 2023: Updated list of service providers.
version 9 of 27 February 2026: Updated Data protection notes.