We consider it our duty to protect the data of those who use our website, and we are committed to protecting the information that users provide to us in connection with their use of our website. Furthermore, we are committed to protecting and using your data in accordance with the applicable legal provisions, particularly the General Data Protection Regulation (GDPR) and the Telecommunications Digital Services Data Protection Act (TDDDG).

​

This privacy policy informs you about what personal data we collect, how we do so and for what purposes the processing takes place. We also provide a detailed explanation of the legal basis for data processing and the circumstances in which we may transfer personal data. You will be informed of the location of your data processing and storage, the duration for which it is stored, and the criteria used to determine the storage period. We are also committed to protecting your data through technical and organisational measures, and will notify you of any changes to this privacy policy.

​

Responsible for the website:

In accordance with the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, the responsible party is:

​

Groneweg Verwaltungsgesellschaft mbH

Am Eggenkamp 17

48268 Greven

Telefon: +49 2571 507-0

E-Mail: info@groco.de

 

Should you have any queries, please contact the data protection officer:

 

Said-Elham Sadat

Martin-Luther-King-Weg 42-44

48155 Münster

Telefon: +49 251-7187903

E-Mail: datenschutz@dsb-ms.de

 

​

Which data do we collect?

Please find below an overview of the data we process when you use our website and services:

​

The technical and usage-related data does not allow any conclusions to be drawn about your identity. This includes aggregated usage statistics, device type, browser information, access times and anonymised IP addresses. This data is used for the technical provision and optimisation of our website and services.

 

Personal data is defined as any information relating to an identified or identifiable natural person. This includes, for example:

 

• name

• email address

• postal address

• telephone

• IP address, unless it has been anonymized

• We would like to draw your attention to the fact that we may receive other data from you at any time. This could be in the form of information you choose to provide to us in forms or via email.

 

The processing of your data is based on the following legal basis:

​​

• Art. 6 para. 1 lit. a GDPR – if you have consented to the processing of your data (e.g. via cookie banner or form).

• Art. 6 para. In accordance with Article 1(lit. b) of the General Data Protection Regulation (GDPR), processing is permitted if it is necessary for the performance of pre-contractual measures or for the performance of a contract.

• Art. 6 para. In accordance with Article 1(f) of the GDPR, processing may take place if there is a legitimate interest in doing so, for instance for the purposes of IT security or to optimise our website.

• Please refer to Section 25(1) of the TDDDG for information on accessing end device data, such as cookies and tracking technologies, provided that you have provided consent.

• Please refer to Section 25(2) No. 2 TDDDG for guidance on the use of technically necessary cookies that do not require consent.

 

​

How do we collect your data?

We collect your data in a number of ways. We use the following methods:

 

Through your active communication: You voluntarily provide us with personal data by filling out forms, sending us emails, or using our functions and services.

 

Through automated processes when you visit our website. When you access our website, certain data is automatically collected by your end devices or tools used (e.g. server log files, cookies and analysis tools). This data may allow conclusions to be drawn about you (e.g. IP address).

 

From third parties: We may also receive data from third parties if you have consented to this or if there is a legal basis for doing so (e.g. payment service providers or partner companies).

 

​

Why do we process your data?

We process your personal data for the following reasons:

 

• Provision and operation of our services

Certain technical and personal data must be processed for you to be able to use our website, apps or platforms.

•  Communication with you:

We process your data in order to respond to your enquiries, feedback or service requests, and to provide you with support (e.g. via email or contact forms).

• To fulfil legal obligations:

For example, to comply with retention obligations under commercial or tax law, or to implement data protection requirements.

•  Further development and optimisation of our services:

We use anonymous and, with your consent, personal information to improve features and optimise your user experience.

• We analyse user behaviour.

If you have given your consent, we use tracking technologies to understand how our offerings are used.

• IT security and misuse detection:

This helps us to protect our systems from attacks and prevent unauthorised access or manipulation.

• We also use your information to enforce legal claims and our terms of use.

This includes defending ourselves in legal disputes or protecting our legitimate interests, for example.​

​

When do we share personal data and who are the recipients?

We only share your personal data with third parties if:

• You have given us your express consent to do so,

• it is necessary to fulfil a contract with you or to carry out pre-contractual measures,

• we are legally obliged to do so (e.g. due to legal disclosure obligations)

•  

Recipients may include, in particular:

• IT service providers (e.g. hosting, maintenance or support companies)

• Authorities and public bodies, if there is a legal obligation to do so (e.g. tax authorities, supervisory authorities)

• Contractual partners and vicarious agents, insofar as this is necessary for the fulfilment of contractual relationships (e.g. shipping service providers, payment providers)

 

 

Use of cookies and similar technologies

When you access our digital offerings, we and, where applicable, authorised third-party providers use technologies such as cookies and scripts (‘tracking technologies’) for the following purposes:

 

• to analyse the use and performance of our services,

• to improve navigation and functionality,

• to personalise the user experience,

• and to increase security and prevent fraud attempts.

 

Detailed information on this can be found in the consent management tool.

 

We use technically necessary cookies on the basis of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR in conjunction with Section 25 (2) No. 2 TDDDG. These cookies are necessary in order to provide our digital offerings and to operate them securely.

​

We only use non-essential cookies (e.g. for statistical, convenience or marketing purposes) with your express consent in the consent management tool (Section 25 (1) TDDDG in conjunction with Article 6 (1) lit. a GDPR).

 

Further information on the cookies used, their storage duration and purpose can be found in the following overview.

​

Cookie description:

 

Cookie name: bSession

Provider: Wix.com

Purpose: Stores a unique ID for the duration of the browser session to monitor system performance and ensure user experience.

Duration: Session (deleted when the browser is closed)

Category: Technically necessary

Legal basis: Section 25 (2) No. 2 TDDDG, Art. 6 (1) lit. f GDPR

 

Cookie name: consent-policy

Provider: Wix.com

Purpose: Stores the user's decision regarding consent to various cookie categories in order to comply with the legal requirements of the GDPR and TDDDG.

Duration: Usually 12 months (depending on configuration)

Category: Technically necessary

Legal basis: Section 25 (2) No. 2 TDDDG, Art. 6 (1) lit. c GDPR

 

Cookie name: hs

Provider: Wix.com

Purpose: This cookie is set for security reasons, e.g. to protect against attacks such as cross-site request forgery (CSRF).

Duration: Until the end of the session (session cookie)

Category: Technically necessary

Legal basis: Section 25 (2) No. 2 TDDDG, Art. 6 (1) lit. f GDPR

 

Cookie name: server-session-bind

Provider: Wix.com

Purpose: Binds the visitor's session to a specific server to ensure a stable and consistent connection to the website (load balancing).

Duration: Until the end of the session (session cookie)

Category: Technically necessary

Legal basis: Section 25 (2) No. 2 TDDDG, Art. 6 (1) lit. f GDPR

 

Cookie name: ssr-caching

Provider: Wix.com

Purpose: This cookie is used to indicate whether a page has been delivered via server-side caching. It is used exclusively to optimise loading times.

Duration: Short-term (a few seconds to minutes)

Category: Technically necessary

Legal basis: Section 25 (2) No. 2 TDDDG, Art. 6 (1) lit. f GDPR

 

Cookie name: svSession

Provider: Wix.com

Purpose: This cookie is used to identify visitors on repeat visits, store user settings and provide security features.

Duration: 2 years

Category: Functional

Legal basis: Section 25 (1) TDDDG, Art. 6 (1) lit. a GDPR (consent via cookie banner required)

 

Cookie name: XSRF-TOKEN

Provider: Wix.com

Purpose: Serves the security of the website and protects against cross-site request forgery attacks.

Duration: Until the end of the session

Category: Technically necessary

Legal basis: Section 25(2)(2) TDDDG, Art. 6(1)(f) GDPR

 

​

What are the storage periods for personal data?

 Your personal data will only be stored for as long as necessary to achieve the respective processing purposes. The specific storage period depends on the following criteria:

 

• Necessity of the data for ongoing processes or services,

• Statutory or contractually agreed retention periods,

• Requirement for documentation or proof (e.g. in the context of support cases or transactions),

• Relevance in connection with potential legal claims or disputes.

 

As soon as the data is no longer required for the aforementioned purposes and there are no longer any retention obligations, it will be deleted or anonymised.

 

 

How do we protect your data?

Our hosting platform provides a secure environment with modern security standards. These include, in particular:

 

• Protected server locations with physical access protection

• Use of firewalls

• Encrypted data transmission via HTTPS

• Access restrictions based on the need-to-know principle

 

Technical and organisational measures (TOM) are regularly reviewed and adapted in accordance with legal requirements to ensure a level of protection appropriate to the risk.

​

​

Your rights as a data subject (in accordance with the GDPR)

As a data subject, you have the following rights with regard to the processing of your personal data:

 

Right to information

(Art. 15 GDPR) – You have the right to know whether and which personal data we process about you.

Right to rectification

(Art. 16 GDPR) – You can have inaccurate or incomplete personal data corrected.

Right to erasure (‘right to be forgotten’)

(Art. 17 GDPR) – Under certain circumstances, you can request the erasure of your data.

Right to restriction of processing

(Art. 18 GDPR) – In certain cases, you have the right to restrict the processing of your data.

Right to data portability

(Art. 20 GDPR) – You have the right to receive your personal data in a structured, commonly used and machine-readable format or to have it transferred to another controller.

Right to object

(Art. 21 GDPR) – You may object to the processing of your personal data at any time, provided that this is based on a legitimate interest.

Right to withdraw consent

(Art. 7(3) GDPR) – You may withdraw your consent to us at any time with effect for the future.

Right to lodge a complaint with a supervisory authority

(Art. 77 GDPR) – You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work or the place of the alleged infringement.

 

If you have any questions about the processing of your personal data or about exercising your rights, please contact us or our data protection officer first. We take your concerns seriously and will investigate them as quickly as possible.

 

Our email address: info@groco.de

 

Competent supervisory authority for North Rhine-Westphalia:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)

Kavalleriestraße 2–4

40213 Düsseldorf

T  0211 38424-0

E  poststelle@ldi.nrw.de

H www.ldi.nrw.de

​

 

Data transfer

Our companies and the service providers we commission (e.g. hosting providers, IT service providers, analysis or communication services) process personal data within the European Union (EU) or the European Economic Area (EEA). In individual cases, however, it may be necessary to transfer data to so-called third countries, i.e. outside the EU/EEA. In such cases, we ensure that appropriate protective measures are taken in accordance with the legal requirements. Such data transfers are carried out exclusively in compliance with the provisions of Art. 44 ff. GDPR, in particular if:

 

• an adequacy decision by the European Commission has been made for the third country in question,

• or appropriate safeguards are in place (e.g. EU standard contractual clauses, binding corporate rules) and

• you, as the data subject, have been adequately informed about the risks.

 

 

Changes to the privacy policy

We reserve the right to change this privacy policy at any time. The current version is published on our website (see above: ‘Status’). We will inform you accordingly in the event of significant changes.

 

Continued use of the services after a change constitutes acceptance of the amended policy.

 

​

Status: June 2025