Data Protection - your data protection is important to us

Financial provision and asset building are matters of trust. It is therefore very important to us to respect your personal rights and handle your data with utmost diligence and care. Protecting your private sphere is a top priority for Wüstenrot & Württembergische AG. Therefore, we naturally comply with all the legal data protection provisions and want you to know when we save what data and how we use it. Especially the protection of your personal data, such as your name and address, is very important to us. The same applies to the handling of information that you entrust to us and to data which are logged during internet use.

With this data protection declaration we, Wüstenrot & Württembergische AG, as the service provider of the website that can be accessed at, would like to inform you of the nature, scope and purpose of the collection and use of your personal data that become relevant when you visit our website/associated websites or use other channels.

From 25 May 2018 the EU General Data Protection Regulation (GDPR) will apply immediately in all Member States of the European Union.

Documents for our customers

Data Protection


The data protection declaration of Wüstenrot & Württembergische AG uses terms which are predefined by the European legislator and regulator for the adoption of the General Data Protection Regulation (GDPR).
We use the following terms, amongst others, in this data protection declaration:

Personal data are any information which relate to an identified or identifiable natural person (hereinafter referred to as “Data Subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by assignment to an identifier such as a name, an identification number, location data, an online identifier or to one or more special characteristics which express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Processing means any operation or set of operations which is performed in connection with personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Controller or party responsible for processing means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities who receive personal data within the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Who is responsible for data processing and whom can I contact?

The responsible party is:

Wüstenrot & Württembergische AG

W&W-Platz 1
70806 Kornwestheim, Deutschland
Phone: +49 7141 160

If your data are also processed by other companies in the Wüstenrot & Württembergische-Group as controller to render our services, please contact the respective company. You can find the current contact details here.

You can reach our Data Protection Officer at:

Wüstenrot & Württembergische AG,
Data Protection Officer
W&W-Platz 1
70806 Kornwestheim
Phone: +49 7141 160

What data do we collect on the website?

You can navigate our websites anonymously. During your visit usage data are stored, such as your IP address, the website via which you found us, the pages of our website which you visit, and the date and duration of your visit. All these data are evaluated exclusively for statistical purposes. The evaluation is also carried out using cookies (see the section “What are cookies, and what are they used for?”). We do not create personal user profiles.

In order to represent the stock chart, data about page access is stored in log files. To this end, the following data are logged:

  • website visited
  • date and time of access
  • amount of data sent (in bytes)
  • source / reference from which you arrived at the page
  • browser used
  • operating system used
  • IP address used by the user (we anonymise the IP address after 24 hours)

The data collected are used for statistical purposes only and to improve the website. Your personal data (IP address) will be anonymised in advance.

What do we process your data for (purpose of the processing) and on what legal basis?

We process the data resulting from visiting our website or using the offered contact options in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). Depending on the matter about which you contacted us via the website, there are different legal bases for this. If a customer relationship exists with you, you will find further information about the processing of your personal data and information about your rights and obligations in Data protection information on the companies in the Wüstenrot & Württembergische Group.

The specific legal basis for the data processing depends on the context in which we obtain your data and for what purpose. Therefore, we shall inform you separately about the respective use where necessary. As a rule, the legal basis for the data processing will arise from the options described below.

Art. 6 (1) a) GDPR serves as our company’s legal basis for processing procedures, where we acquire consent for a certain processing purpose. Granted consent may be revoked at any time.

If the processing of personal data is required for the fulfilment of a contract, of which the contracting party is the respective person, as may be the case for processing procedures that are required for a supply of goods or the provision of some other service or service in return, then the processing is based on Art. 6 (1) b) GDPR. The same applies to such processing operations that are required for the implementation of pre-contractual measures in cases of inquiries about our products or services.

If our company is subject to a legal obligation by which the processing of personal data is necessary, for example for the fulfilment of fiscal obligations, then such processing is based on Art. 6 (1) c) GDPR.

Ultimately, processing operations could be based on Art. 6 (1) f) GDPR. Processing operations are based on this legal basis if not covered by any of the above-mentioned legal bases if the processing to maintain a legitimate interest of our company or a third party is required, as long as the interests, basic rights and fundamental freedoms of the data subject do not outweigh this.

How long do we store your data?

We store your personal data resulting from the use of our website for as long as required for the above-mentioned purposes. In addition, we are subject to various legal verification and retention requirements, which are inter alia dealt with in the German Commercial Code (HGB), tax legislation and the German Fiscal Code (AO). As a rule, the retention periods are accordingly up to ten years. It is also possible that personal data may be stored for the period in which claims can be asserted against us (statutory limitation period of three or up to thirty years). After expiry of the storage period the personal data are deleted via an automated procedure.

Therefore, your email address, for example, remains stored in our newsletter mailing list until you inform us that you no longer wish to receive the newsletter.

In the event that data are stored in log files, this is the case at the latest after seven days. Storage extending beyond this is possible. In this case, the IP addresses of users are deleted or made anonymous so that assignment of the accessing client is no longer possible.

You will find further information in Data protection information of the companies in the Wüstenrot & Württembergische Group.

How do we use your data in the Group?

We use your personal data within Wüstenrot & Württembergische AG and the other companies in our Group. In doing so, we observe the principles of purpose and data minimisation.

If you are a contracting party of one of our cooperation partners and you use the portals of Wüstenrot & Württembergische AG and the other companies in our Group, we only pass on your data to companies with whom the cooperation partnership exists.

We appreciate your trust and apply the utmost core to protect your personal information.

We forward the addresses of prospective customers who order information material to our local financial planning specialists for possible individual advice.

If you do not wish us to use your data for advertising or surveys, please inform us. We shall then not use your data for these purposes.

Please note that the information in this case merely relates to data resulting from the use of our website, e.g. regarding your message by means of a contact form. You will find information on the use of your data in the context of a customer relationship with us in Data protection information of the companies in the Wüstenrot & Württembergische Group.

Who receives data about you?

We only forward your personal data to third parties if this is necessary for the fulfilment of own business purposes, you have given your consent to this or we are obliged to do so by law or due to an instruction from a court or official body.

When we work together with external service providers within the scope of data processing this is generally on the basis of what is known as contract processing, where we remain responsible for the data processing. We check each of these service providers in advance for the measures they have taken in regard to data protection and data security and therefore ensure the contractual provisions for the protection of personal data provided for by law.

Are data transmitted to a third country or to an international organisation?

Should we transmit personal data to service providers outside the European Economic Area (EEA), transmission shall only take place if an appropriate data protection level has been confirmed for the third country by the EU Commission or other appropriate data protection guarantees (e.g. binding internal data protection provisions or EU standard contractual clauses) exist.

To what extent is there automated decision-making in individual cases?

If we use purely automated processing operations for reaching a decision in an individual case, including profiling, we shall provide information with regard to the relevant application.

Am I obliged to provide data?

Within the context of our business relationship you only have to provide the personal data that are required for the establishment, implementation and termination of a business relationship or for the collection of which we are legally obligated. We normally have to refuse to conclude a contract or carry out an order or can no longer execute and may have to terminate an existing contract without these data.

What data protection rights do I have?

You have the right to information pursuant to Art. 15 GDPR, the right to correction pursuant to Art. 16 GDPR, the right to deletion pursuant to Art. 17 GDPR, the right to limitation of processing pursuant to Art. 18 GDPR and the right to data transferability pursuant to Art. 20 GDPR. In regard to the right to information and the right to deletion the restrictions according to Sections 34 and 35 BDSG apply. In addition, there is a right to lodge a complaint with a data protection authority (Article 77 GDPR in conjunction with Section 19 BDSG).

Information regarding your right of revocation according to Art. 21 GDPR

1. You have the right to object at any time to the processing of your personal data on the basis of Art. 6 (1) e) GDPR (data processing in the public interest) and Art. 6 (1) f) GDPR (data processing on the basis of a balance of interests) if there are reasons for this arising from your particular situation. This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR which we use for credit assessment or for advertising purposes.

If you file an objection, we will no longer process your personal data unless we can prove compelling reasons for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

2. In individual cases we process your personal data to carry out direct advertising. You have the right to object to the processing of your personal data for the purposes of such advertising at any time (without giving reasons); this also applies to profiling provided that it is connected to direct advertising.

If you object to processing for the purposes of direct advertising, we shall no longer process your personal data for these purposes.

Please send your objection to the responsible company using the above-mentioned contact details.

Right to revoke consent

Granted consent may be revoked at any time. This also applies to the revocation of declarations of consent issued to us prior to the application of the General Data Protection Regulation, i.e. before 25 May 2018.

Please note that the revocation will only be effective in the future. Processing which took place prior to the revocation is not affected.

Your right to complain to the competent data protection supervisory authority

The competent data protection supervisory authority for Wüstenrot & Württembergische AG is:

The state representative for data protection and freedom of information
Lautenschlagerstraße 20
70173 Stuttgart

You can however contact the data protection supervisory authority closest to your place of residence.

How does our individual communication with you work?

Our website contains information which enables fast electronic contact with our company as well as direct communication with us. Therefore, for questions of any kind we offer you the option of contacting us via interaction points provided on the website. We inform you about the necessary information required to deal with your enquiry at the respective interaction point. If you contact us via an interaction point, the personal data you provide for the purposes of processing or making contact with you are stored automatically.

The legal basis for processing data which are transmitted in the course of the dispatching process is Art. 6 (1) f) GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 (1) b) GDPR.

Contact form

To ask questions of any kind we offer you the option of contacting us via forms provided on the website. We inform you about the information required to deal with your enquiry in the respective form. Further information can be provided voluntarily.

The other personal data processed during the dispatching procedure serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

What are cookies and what are they used for?

Cookies are text files that are stored in the cache of your internet browser (e.g. Internet Explorer or Firefox) when you visit a website. Most of the cookies we use are “session cookies”. They are automatically deleted at the end of your visit to our site. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser when you next visit. This has the advantage for you that your computer does not have to be logged in again when revisiting an encrypted page. The cookies do not store personal data. We only use them for statistical evaluations in order to monitor the success of our website. The evaluation is carried out anonymously. The cookies are deleted after no later than 30 days.

You can set your browser for how cookies will be dealt with: You can, for instance, specify that a cookie will only be accepted if you have agreed to this in advance. If you wish to only accept the cookies of our website, but not the cookies of our service providers and partners, you can specify this in your browser via the setting “Block cookies of third-party providers”.

You can find more information on this under the ‘Help’ function of the internet browser which you use on your computer to access the internet.

We understand that as an internet user you may have reservations about cookies. As a precaution we would like to inform you about some misconceptions:

  • Cookies cannot transmit viruses
  • Cookies cannot read any email addresses
  • Cookies cannot read any drive contents
  • Cookies cannot transmit the history file
  • Cookies cannot send any emails without your knowledge
  • Cookies cannot fill up your entire hard disk, much less delete all its contents

Which essential cookies are used?

The technologies named below are necessary and essential to activate and enable the core functionality of the website. Essential cookies cannot be deactivated via the function of this page. You can generally deactivate cookies in your browser at any time. However, we would like to point out that our website will then no longer work at all or only partially.

Usercentrics Consent Management Platform

Other essential cookies
No personal data is processed.

operational time: Session
description: Cookie for Session-Management

operational time Session
descriptionCookie for Session-Management for Load Balancing

What are analysis tools and how are they used?

We use tracking measures based on Art. 6 para. 1 sentence 1 lit. f of the GDPR. With the tracking measures used, we want to ensure a needs-based presentation and the continuous optimisation of our website. We also use the tracking measures to record statistics on the use of our website, and evaluate them with the aim of optimising our offer to you. These interests are regarded as justified within the meaning of the aforementioned provision.

Google Analytics

Google Optimize

Google Fonts

Facebook “Custom Audience”

The aforementioned data processing only affects users who have a Facebook account or have visited a Facebook partner site (where a cookie has been set). Advertising on Facebook (partner) sites using the “Custom Audience” service does not affect users who do not have a Facebook account. If the Facebook ID contained in the Facebook cookie can be assigned to a Facebook user, Facebook assigns this user to a target audience (“Custom Audience”) according to the rules we have set, if those rules are relevant. We use this information for the presentation of advertisements on Facebook (Partner) sites. If you wish to refuse consent to the use of the Facebook pixel, you can do so by setting an opt-out cookie at the top of this page (“User behaviour data” section), via “opt-out” on Facebook, or by disabling Javascript in your browser. For more information and your options in terms of protecting your privacy for advertising purposes, please refer to Facebook’s privacy policy, which can be found, among other information, at .

LinkedIn Insight-Tag

Code of conduct for handling personal data

With effect as of January 1, 2014, the Württembergische Insurance Companies began following the Code of Conduct for the handling of personal data by the German insurance industry.

With this voluntary commitment the companies go beyond the applicable data protection legislation and therefore underline the high priority that their customers’ data has. This voluntary commitment has been adapted to the requirements of the General Data Protection Regulation (GDPR) and describes the conditions under which insurers may process the personal data of customers and injured parties according to the new data protection legislation. This ensures that the interests of customers are protected and that companies’ processes comply with data protection laws.

Data protection supervisory authorities and the Federation of German Consumer Organizations (vzbv) were involved in an advisory capacity in the development of the voluntary commitment. The independent data protection supervisory authorities of the federal and state governments have confirmed: “Companies that apply the rules of conduct ensure that the requirements of the basic data protection regulations for the insurance industry are sector-specific.”

What do we do for data security?

We use the SSL method (secure socket layer) in conjunction with the highest encryption level supported by your browser. You can see whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol on the lower status bar of your browser.

In addition, we use technical and organisational measures to protect your data from manipulation, loss, destruction or unauthorised access. Our security measures are improved on an ongoing basis in line with technological progress.

Links to other websites

On our websites want to create only high quality and secure links to other websites, but sometimes we do not notice immediately when linked contents change. Should you notice that links on our website refer to internet sites whose contents violate the applicable law, please inform us via We shall then immediately remove these links from our website.

Current state and changes of this privacy policy

This data protection declaration is currently valid as of 11 December 2020.

It may be necessary to amend this data protection declaration due to the further development of our website and offers or as a result of amended legal or official requirements. You can view and print the current privacy statement at any time on the website.