Privacy Policy

1. Controller

WAV BAU | GEBÄUDETECHNIK GmbH
Rheinstraße 221, 76532 Baden-Baden, Germany

Represented by:
Managing Director: Alexander Schumski

Commercial register:
Register court: Amtsgericht Mannheim
Registration number: [HRB 737499]

📧 info@wavgroup.de
📞 +49 7221 3961166

2. Hosting and technical delivery

Our website is hosted by Netlify, Inc. (510 Townsend Street, San Francisco, CA 94103, USA). Netlify processes IP addresses, log files and technical access data to provide the website securely and reliably.

Netlify is certified under the EU-US Data Privacy Framework. Where required, Standard Contractual Clauses are also used. The legal basis is Art. 6(1)(f) GDPR.

Domain management and transactional email delivery are provided by Hostinger International Ltd. (61 Lordou Vironos Street, 6023 Larnaca, Cyprus / EU).

3. Cookie and consent management

We use our own consent banner. Your selection is stored locally in your browser under the key wav_cookie_consent_v2. This storage is necessary to remember and document your consent decision.

Optional analytics and marketing technologies are loaded only after you actively select them or click “Accept all”. You can change or withdraw your selection at any time via the Cookie settings link in the footer.

The legal basis for technically necessary functions is Art. 6(1)(f) GDPR and § 25(2) TDDDG. Optional cookies and similar technologies are based on your consent under Art. 6(1)(a) GDPR and § 25(1) TDDDG.

4. Google Analytics 4 (analytics)

If you consent to the “Analytics” category, we use Google Analytics 4 by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics helps us understand website usage. Cookies such as _ga, _gid or comparable identifiers may be set. IP anonymisation is enabled.

Processing takes place only on the basis of your consent. You can withdraw your consent at any time via the cookie settings. More information is available in Google’s privacy policy.

5. Meta Pixel (marketing)

If you consent to the “Marketing” category, we use Meta Pixel by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Meta Pixel helps us measure advertising campaigns and make ads more relevant. Cookies such as _fbp or _fbc may be set and usage data may be transmitted to Meta.

Processing takes place only on the basis of your consent. You can withdraw your consent at any time via the cookie settings. More information is available in Meta’s privacy policy.

6. Contact form and double opt-in

When you use our contact form, we process the data you enter (salutation, first name, last name, email address, phone number, message and consent choices) to handle your enquiry.

To prevent misuse and verify your email address, we send you a confirmation email after submission (double opt-in). Only after confirmation is your enquiry forwarded internally and, where technically available, processed in our CRM system.

Marketing communication is optional. A contact enquiry is not conditional on marketing consent. If you tick the marketing checkbox, we document this consent together with the double opt-in proof.

The legal bases are Art. 6(1)(b) GDPR for contractual or pre-contractual enquiries, Art. 6(1)(f) GDPR for abuse prevention and documentation, and Art. 6(1)(a) GDPR for optional marketing communication.

7. Recipients and processors

We use HERO Software GmbH (Schatzbogen 60, 81829 Munich, Germany) as a CRM/processor under Art. 28 GDPR. Transmission is encrypted.

For email delivery we use technical service providers, in particular Hostinger. These providers process data only for technical delivery.

8. Retention

Contact enquiries are stored only as long as necessary to handle the enquiry, comply with legal obligations or document consent. Consent proof is retained as long as required for documentation.

9. Your rights

You have the right of access, rectification, erasure, restriction, data portability, objection and withdrawal of consent under the GDPR.

10. Right to complain

You may lodge a complaint with a data protection supervisory authority, for example the Baden-Württemberg authority: www.baden-wuerttemberg.datenschutz.de

11. Security

Transmission is TLS encrypted. API keys and credentials are processed server-side and are not exposed in the browser.

12. No automated decision-making

No automated decision-making or profiling within the meaning of Art. 22 GDPR takes place.