Data Protection Declaration
This Data Protection Declaration is designed to inform you about the nature, scope, purpose, duration and legal basis for the processing of personal data (hereinafter called “Data”) within our website and linked websites, functions and content as well as external online presences such as e.g. our social media profiles (hereinafter collectively called “Website”).
Personal data is processed by us only to the extent that this is necessary as well as for the purpose of providing a properly functioning and user-friendly website, including its content and the services offered therein.
The Data Protection Declaration of the company düspohl Maschinenbau GmbH deploys the terms used by European legislators in the European General Data Protection Regulation (GDPR). For this reason, when it comes to the utilised terminology, such as e.g. “processing” or “data controller”, we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR), which we briefly explain in advance for our customers and business partners in order to make the Data Protection Declaration easier to understand.
We use the following terms, amongst others, in this Data Protection Declaration:
• Personal data means all information relating to an identified or identifiable natural person (hereinafter called “the Data Subject”“). A natural person is considered identifiable if they can be directly or indirectly identified, in particular through attribution to an identifier such as a name, a reference number, locational data, an online reference identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of these natural persons.
• Data subject means any identified or identifiable or natural person whose personal data is processed by the data controller responsible for the processing.
• Processing means any procedure or series of procedures, such as collecting, gathering, organising, ordering, storing, altering or amending, reading out, retrieving, utilisation, disclosure through transmission or another form of provision, comparison or linking, restricting, deleting or destruction of data in conjunction with personal data.
• Processing restriction means marking saved personal data for the purpose of restricting its future processing.
• Profiling means every type of automated processing of personal data that entails using this personal data to evaluate specific personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the work performance, economic circumstances, health, personal preferences, interests, reliability, behaviour, location or change of location of this natural person.
• Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific affected person without drawing upon additional information, insofar as this additional information is stored separately and is subject to technical and organisational measures that ensure that the personal data cannot be attributed to an identified or identifiable natural person.
• Data controller or person responsible for the processing means the natural person or legal entity, public authority, institution or other body that alone or together with others decides on the purpose and means of processing of personal data. Where the purposes and means of such processing are laid down by EU law or by the law of the member states, the controller or the specific criteria for his appointment may be laid down in accordance with EU law or the law of the member states.
• Processor means a natural person or legal entity, public authority, institution or other body that processes personal data on behalf of the data controller.
• Recipient means a natural person or legal entity, public authority, institution or other body to which personal data is disclosed, irrespective of whether this constitutes a third party. Public authorities that receive personal data under EU law or the law of the member states within the framework of a particular investigation shall not, however, be deemed to be recipients.
• Third party means a natural person or legal entity, public authority, institution or other body, apart from the data subject, the data controller, the processor and the persons who under the direct responsibility of the data controller or of the processor are authorised to process the personal data.
• Consent means every declaration of intent or other unequivocal confirmation issued voluntarily and in an informed manner for the specific case with which the respective person indicates that he or she agrees with the processing of the personal data relating to him or her.
2. Name and address of the data controller
The responsible provider of this website within the meaning of the statutory data protection provisions is:
düspohl Maschinenbau GmbH, An der Heller 7-13, 33758 Schloß Holte-Stukenbrock, Germany, Tel.: +49(0)5207- 9291-0, Fax: +49(0)5207- 9291-11, e-mail: email@example.com, Managing Director: Uwe Wagner, Enterprise data protection officer: IITR Datenschutz GmbH, Dr. Sebastian Kraska, 80331 München, eMail: firstname.lastname@example.org, Tel. 089-18917360.
3. Collection of general data and information
The website of düspohl Maschinenbau GmbH records various general data and information each time the website is accessed by a data subject or automated system.
This general data and information is stored in the server logfiles.
The following may be included:
• utilised browser types and versions,
• the operating system used by the accessing system,
• the website from which an accessing system reaches our website (so-called referrer),
• the sub-websites that are accessed via an accessing system on our website,
• the date and the time of access to the website,
• an internet protocol address (IP address),
• the internet service provider of the accessing system, and
• other similar data and information used for security purposes in the event of attacks on our IT systems
When using this general data and information, düspohl Maschinenbau GmbH does not draw any inferences about the data subject. Instead, this information is required
• to deliver the content of our website correctly,
• to optimise the content of our website as well as the advertising for this,
• to ensure the continuous proper function of our IT systems and the technology of our website as well as
• to provide prosecutors the information they need in the event of a cyber-attack.
This anonymously collected data and information is therefore evaluated statistically by düspohl Maschinenbau GmbH and also with the aim of increasing data protection and data security in our company in order ultimately to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log-files is stored separately from all personal data provided by a data subject.
4. Registration on our website
If you create a customer account on our website, we shall collect and store the data you enter during registration (e.g. tour name, your address or e-mail address) exclusively for pre-contractual services for which the contractual fulfilment or for the purpose of customer care (e.g. to provide you with an overview of your previous orders, or to offer you the so-called bookmark function). Simultaneously, we shall store the IP address and the date of your registration along with the time. This data shall, of course, not be transferred to any third party.
Within the context of the further registration procedure, your consent shall be obtained during this processing and reference shall be made to this Data Protection Declaration. Data collected by us in this conjunction shall be used exclusively for the purpose of providing the customer account.
To the extent that you consent to this processing, Art. 6 Para. 1 lit. a) GDPR is the legal basis for the processing.
Insofar as the opening of the customer account also serves pre-contractual measures or the contractual fulfilment, then the legal basis for this processing is also Art. 6 Para. 1 lit. b) GDPR.
Pursuant to Art. 7 Para. 3 GDPR, you may revoke the consent you granted us at the time of opening and during the maintenance of the customer account at any time with effect for the future. All you have to do is inform us of your revocation.
The data collected in this respect will be deleted as soon as processing is no longer necessary. We are required, however, to observe retention periods under tax and commercial law.
Personal data that we collect using the contact formIf you are interested in our products, you may transfer the following information to us:
• Your personal details, such as e.g. your address, e-mail address, telephone number and your company or department
If you acquire products from our offers, we collect data in order to fulfil your contract with us:
• Your personal details, such as e.g. your address, e-mail address, telephone number,
• Your company data, including your departmental data
• Payment data (e.g. credit card data, account information, invoice address),
• Your purchased products or services.
If you contact us or if we contact you, or if you take part in special advertising offers, competitions or surveys relating to our products, we may collect the following data:
• Personal details you transmit when you contact us, including using the contact form, e-mail, post and telephone or through social media, such as e.g. your name, user name and your contact data,
• Details about e-mails and other digital communications that we send to you and you open, including links contained therein on which you click,
• Your feedback and your contributions to customer surveys.
Other sources of personal data
We are entitled to use personal data from other sources, e.g. from companies that provide information and data, trading partners and from public registers.
• Your insurance company, its agents and medical staff may share relevant personal data and specific categories of personal data with us in circumstances where we or they need to act on your behalf or on behalf of other clients or in an emergency.
• If you log in with your social network credentials to connect to our platforms and websites such as Facebook, Google+ or Twitter, you agree to share your user information with us. For example, your name, your e-mail address, your date of birth, your location and other information that you wish to share with us.
• We may use recordings of surveillance cameras, IP addresses and browser data collected in or in the immediate vicinity of our company premises, business premises and other buildings.
Personal data about other persons that you transmit to us
• We use the personal data relating to other persons that you transmit to us
• When transmitting personal data of other persons, you must be sure that they consent to this and that you are entitled to transmit the data. You should also ensure that these individuals know how we might use their personal data.
We use your personal data in many ways, as explained below.
In order to provide products and services that you order
We need to process your personal data to administer your account or order, provide you with the products and services you require, and help you with orders and any refunds you may request.
In order to manage and improve our products, services and day-to-day operations
• we use personal information to manage and improve our products, websites, mobile apps, customer loyalty programmes, customer recognition programmes and other services.
• we monitor how our services are used to protect your personal data and to detect and prevent fraud, other crimes and misuse of services. This helps us to ensure that you can use our services securely.
• we may use personal data to respond to and manage security incidents, malfunctions or other similar occurrences. This may be of a medical or insurance-related nature.
• we may use personal data to conduct market research and internal developments and to develop and improve our product range, services, shops and IT systems, security, know-how and the methods of our communication with you.
• we use surveillance camera footage to safeguard the security of anyone who works or visits our stores, offices and other buildings, as well as for the purpose of detecting, preventing and prosecuting criminal activities. We may also rely on the images to exercise and defend our legal rights.
In order to contact and interact with you
• we want to serve you as a customer even better. If you contact us, for example by e-mail, post, telephone or social media, we may use personal data in order to process your request as quickly and efficiently as possible.
• we need to process your personal data to administer special offers and competitions in which you choose to participate. These include those that we organise together with our suppliers and trading partners. For example, if you win a prize.
• to help us better understand you as a customer and to be able to provide you with products, services and marketing communications (including online advertising tailored to your interests), we may combine the personal data we collect when you make purchases with personal data collected through our websites, mobile apps and other sources.
We do not sell your personal data to any third party.
a) Session cookies
We use so-called cookies with our website. Cookies are small text files or other storage technologies that are stored on your device by the internet browser you use. These cookies process certain information about you, such as your browser or location data or your IP address, to an individual extent.
This processing makes our website more user-friendly, effective and secure, as the processing enables, for example, the replication of our website in different languages or the provision of a shopping basket function.
The legal basis for this processing is Art. 6 Para. 1 lit b.) GDPR, insofar as these cookies process data for contract initiation or contract execution.
If the processing does not serve to initiate or process a contract, our legitimate interest lies in improving the functionality of our website. The legal basis is Art. 6 Para. 1 lit. f GDPR.
When you close your internet browser, these session cookies are deleted.
b) Third-party cookies
Please see the following information for details, in particular concerning the purposes and the legal basis of the processing of such third-party cookies.
c) Removal option
You can prevent or restrict the installation of cookies by setting your internet browser accordingly. You can also delete already-saved cookies at any time. The steps and measures required depend, however, on the internet browser you are using. If you have any questions, please use the help function or documentation of your internet browser or contact its manufacturer or support. In the case of so-called flash cookies, however, processing cannot be blocked with browser settings. Instead, you need to alter the setting of your flash player. The steps and measures required depend, once again, on the specific flash player you are using. If you have any questions, please use the help function or documentation of your flash player or contact its manufacturer or support.
If you prevent or restrict the installation of cookies, however, this may mean that not all functions of our website are fully usable.
6. Contract settlement
The data transmitted by you to use our range of goods and/or services will be processed by us for the purpose of contract processing and is required in this respect. Conclusion and processing of the contract are not possible without the provision of your data.
The processed data includes inventory data, communication data, contract data, payment data and the persons affected by the processing include our customers, interested parties and other business partners. Processing is performed for the purpose of providing contractual services within the framework of operating an online shop, invoicing, delivery and customer services. We use session cookies to store the contents of the shopping basket and permanent cookies for storing the login status.
Processing is carried out on the basis of Art. 6 Para. 1 lit. b (Execution of order processes) and c (Archiving required by law) GDPR. The information marked as necessary is required to establish and fulfil the contract.
Within the scope of the contract processing, we pass on your data to the transport company entrusted with the delivery of goods or to the financial service provider if the transfer is necessary for the delivery of goods or for payment purposes.
The legal basis for the transfer of the data is Art. 6 para. 1 lit. b) GDPR.
The deletion takes place after the expiry of statutory warranty and comparable obligations, the necessity of data storage is reviewed every three years; in the case of statutory archiving obligations, the deletion takes place after their expiry (end of the storage obligation under commercial law (6 years) and tax law (10 years)).
7. Subscription to our newsletter
On the düspohl Maschinenbau GmbH website, users are given the opportunity to subscribe to our company's free newsletter.
The following is designed to inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your right to object. By subscribing to our newsletter you agree to receipt and to the described procedures.
Content of the newsletter: We send newsletters, e-mails and other electronic notifications containing advertising information (hereinafter called "Newsletters") only with the consent of the recipients or on the basis of statutory permission. Insofar as the contents of a newsletter are specifically described within the scope of a registration, they shall be decisive for the consent of the users. In addition, our newsletters contain information about our products and associated information (e.g. safety information), offers, special offers and our enterprise.
Double opt-in and logging: Registration for our newsletter entails a so-called double opt-in procedure. This means that following registration you will receive an e-mail asking you to confirm your registration. This confirmation is required to prevent other parties logging in using third-party e-mail addresses. Newsletter subscriptions are logged in order to be able to demonstrate the registration process in accordance with legal requirements. This includes storing the login and confirmation time, as well as the IP address. Changes to your data stored with the shipping service provider are also logged.
Registration data: To subscribe to the newsletter, simply enter your e-mail address. Optionally, we kindly ask you to provide a name, in order to enable the newsletter to address you personally.
The dispatch of the newsletter and the associated performance measurement are performed on the basis of consent issued by the recipient pursuant to Art. 6 Para. 1 lit. a, Art. 7 GDPR in conjunction with § 107 Para. 2 TKG or, if consent is not necessary, on the basis of our legitimate interest in direct marketing pursuant to Art. 6 Para. 1 lt. f. GDPR in conjunction with § 107 Para. 2 & 3 TKG.
The registration procedure is logged on the basis of our legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. Our interest is based on the use of a user-friendly and secure newsletter system that serves our business interests and meets the expectations of users and furthermore enables us to demonstrate that consent has been issued.
Termination/revocation - You may terminate the receipt of our newsletter at any time, i.e. revoke your consent. You will find a link to cancel the newsletter at the end of each newsletter. We may store unsubscribed the e-mail addresses for up to three years on the basis of our legitimate interest before deleting these, in order to be able to prove that consent had previously been issued. Processing of this data will be limited to the possible purpose of defending against such claims. An individual deletion request is possible at any time, insofar as the former existence of consent is confirmed.
We use a third party email service provider, Mailchimp, to send you our emails. Mailchimp is part of the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
MailChimp has been certified by the US-EU-Data protection agreement „Privacy Shield“. Hence it is has obligated itself to comply with the EU Data protection rules. Furthermore, we have concluded a data processing agreement with MailChimp. You can read the MailChimp data protection guidelines following this link:
8. Newsletter - measuring performance
The newsletters contain a so-called "web-beacon", i.e. a pixel-sized file that is downloaded from our server when the newsletter is opened or, if we use a shipping service provider, from its server. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected.
This information is used to improve the services technically on the basis of the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined using the IP address) or access times. The statistical evaluation also includes determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be attributed to individual newsletter recipients. However, it is neither our aim, nor, if used, that of the shipping service provider, to monitor individual users. Instead, the evaluations serve us to identify the reading habits of our users and to bring our contents into line with these or to send different contents according to the interests of our users.
Separate revocation of the performance measurement is unfortunately not possible, because in this event the entire newsletter subscription would need to be cancelled.
9. Contact option through the website
In accordance with statutory regulations, the website of düspohl Maschinenbau GmbH contains information that enables quick electronic contact with our company and direct communication with us, also including a general address for so-called electronic mail (e-mail address). If a data subject contacts the data controller via e-mail or using a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data voluntarily provided by a data subject to the controller will be stored for the purpose of processing or contacting the data subject.
When contacting us (e.g. using the contact form, e-mail, telephone or social media), the user's details shall be processed in order to handle the contact enquiry and its settlement pursuant to Art. 6 Para. 1 lit. b) GDPR.
This personal data is not passed on to any third party.
10. Routine deletion and blocking of personal data
Data retained and processed by us shall be erased or subject to restricted utilisation pursuant to Art. 17 and 18 GDPR. Unless expressly specified within the context of this Data Protection Declaration, the data saved by us will be deleted as soon as this is no longer required for its original purpose and this is compatible with statutory retention obligations. Insofar as data is not erased because it is required for other purposes permitted by law, its processing shall be limited. That is to say, the data will be blocked and not processed for other purposes. This applies, e.g. to data that needs to be retained for statutory commercial or tax reasons.
In accordance with the statutory provisions in Germany, storage shall in particular be for 10 years pursuant to §§ 147 Para. 1 AO, 257 Para. 1 No. 1 and 4, Para. 4 HGB (accounts, records, management reports, accounting records, commercial records, documents of relevance for taxation, etc.) and for 6 years pursuant to § 257 Para. 1 No. 2 and 3, Para. 4 HGB (commercial correspondence).
11. Rights of the data subject
You have the right:
• pursuant to Art. 15 GDPR to demand information from us about the personal data we process relating to you. In particular, you may demand information about the purposes of the processing, the category of the personal data that is being processed, the categories of the recipients to whom your data has been or will be disclosed, the planned retention period, the existence of a right to correction, erasure, limited processing or objection, the existence of a right to complain, the origin of your data, insofar as this were not gathered by us, as well as the existence of an automated decision-making procedure including profiling, and if necessary significant information about the relevant details.
• pursuant to Art 16 GDPR, to demand the correction of your incorrect data saved by us or the completion of incomplete data without delay.
• pursuant to Art 17 GDPR, to demand that the erasure of your personal data saved by us, insofar as the processing is not required to exercise the right to free speech and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
• pursuant to Art. 18 GDPR, to demand the limited processing of your personal data insofar as you contest the accuracy of the data, the processing is unlawful, although you reject the erasure thereof and we no longer require the data, while you require this to assert, to exercise or to defend against legal claims or have objected to the processing pursuant to Art. 21 GDPR;
• pursuant to Art 20 GDPR, to demand that the personal data you made available to the us be returned to you in a structured, accessible and machine-readable format, or to demand the transfer thereof to another data controller;
• pursuant to Art. 7 Para. 3 GDPR, to revoke at any time the consent you originally gave us. This will mean that in future we are not able to continue the processing that was based on this consent, and
• pursuant to Art. 77 GDPR file a complaint before a supervisory authority. As a rule, you may contact the supervisory authority of your normal place of residence or place of work or the domicile of our company.
12. Online presence in social media
We maintain an online presence on social networks and platforms in order to communicate with active customers, interested parties and users and to inform them about our services. When accessing the respective networks and platforms, the terms and conditions and the data processing guidelines of their respective operators are applicable.
Unless otherwise stated in our data protection declaration, we process the data of users who communicate with us within social networks and platforms, e.g. write articles on our websites or send with messages.
13. Facebook social plugin
On the basis of our legitimate interest (i.e. interest in the analysis, optimisation and economic operation of online services within the meaning of Art. 6 Para. 1 lit. f. GDPR) we use social plugins (“Plugins”) of the social network facebook.com, which is operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins may display interactive elements or content (e.g. videos, graphics or text contributions) and are identified by one of the Facebook logos (white “f” on blue tile, the terms “like” or a “thumbs up” sign) or are marked with the addition “Facebook Social Plugin”.
The list and the appearance of Facebook social plugins can be viewed here:
Facebook is certified under the Privacy Shied, guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
If a user accesses a section of this website that contains a plug-in of this nature, his browser will establish a direct link to Facebook servers. Facebook will send the content of the plug-in directly to the browser of the user, and will be integrated by this in the website. In this conjunction, processed data may be used to create user profiles. We consequently have no influence over the amount of data Facebook collects with the help of this plugin, and therefore inform users in accordance with our level of knowledge.
By integrating plugins, Facebook receives information that a user has retrieved the corresponding page of the website. If the user is logged in to Facebook, Facebook can attribute the visit to the user’s Facebook account. If users interact with the plugins, for example by clicking the Like button or by providing a comment, the corresponding information will likewise be sent by your device directly to a Facebook server, where it will be saved. If a user is not a member of Facebook, it is still possible for Facebook to obtain and store their IP address. According to Facebook, only an anonymised IP address is stored in Germany.
The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as the associated rights and setting options to protect user privacy are set out in Facebook’s data protection notice: https://www.facebook.com/about/privacy/.
If a user is a Facebook member and does not want Facebook to collect data about them via this website and link it to their membership data stored on Facebook, the user must log out of Facebook before using our website and must delete their cookies. Further settings and objections to the use of data for advertising purposes are possible within the Facebook profile settings: www.facebook.com/settings; or via the US website http://www.aboutads.info/choices/ or the EU website http://www.youronlinechoices.com/.
The settings are platform-independent, i.e. they are applied to all devices, such as desktop computers or mobile devices.
Functions and contents of Twitter, provided by Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, can be integrated into our website. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this website within Twitter.
If users are members of the Twitter platform, Twitter can attribute the retrieval of the above content and functions to the users' Twitter profiles. Twitter is certified under the Privacy Shield, guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active). Data Protection Declaration: https://twitter.com/de/privacy, Opt-Out: https://twitter.com/personalization.
Instragram functions and contents, provided by Instagram Inc, 1601 Willow Road, Menlo Park, CA, 94025, USA, may be integrated within our website. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this website within Instagram. If users are members of the Instagram platform, Instagram can attribute the retrieval of the above content and functions to the users' Instagram profiles. Instagram data protection declaration: http://instagram.com/about/legal/privacy/.
LinkedIn functions and contents, provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, may be integrated within our website. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this website within LinkedIn. If users are members of the LinkedIn platform, LinkedIn can attribute the retrieval of the above content and functions to the users' LinkedIn profiles. LinkedIn data protection declaration: https://www.linkedin.com/legal/privacy-policy.. LinkedIn is certified under the Privacy Shied, guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active). Data Protection Declaration: https://www.linkedin.com/legal/privacy-policy, opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Functions and contents of the platform Google+, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”), may be integrated within our website. This may include, for example, content such as images, videos or texts and buttons with which users can share content from this website within Google+. If users are members of the Google+ platform, Google+ can attribute the retrieval of the above content and functions to the users' Google+ profiles.
Google is certified under the Privacy Shield, guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Further information about the use of data by Google, settings and objection options can be found in Google’s data protection declaration (https://policies.google.com/technologies/ads) as well as in the settings for the display of advertisements by Google (https://adssettings.google.com/authenticated).
18. Google Analytics
Google is certified under the Privacy Shield, guaranteeing compliance with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active) .
Google will use this information on our behalf to evaluate the use of our website by the user, to compile reports on activities within this website and to render further services associated with the use of this website and the internet. In this conjunction, processed data may be used to create pseudonymous user profiles.
We use Google Analytics only with activated IP anonymisation. This means the IP address of the user will be abbreviated by Google within the member states of the European Union or in other European Economic Area treaty states. The full IP address will be forwarded to a Google server in the USA only in exceptional cases, where it will be truncated.
Further information about the use of data by Google, settings and objection options can be found in Google’s Data Protection Declaration (https://policies.google.com/technologies/ads ) as well as in the setting for the display of advertisements by Google (https://adssettings.google.com/authenticated ).
Personal data of the user is deleted or anonymised after 14 months.
19. Google Universal Analytics
We use Google Analytics in its configuration as “Universal Analytics”. “Universal Analytics” refers to a Google Analytics process in which user analysis is based on a pseudonymous user ID, enabling a pseudonymous user profile to be created with information from the use of various devices (so-called “cross-device tracking”).
Target group formation with Google Analytics
We use Google Analytics to display ads placed by Google and its partners within advertising services only to users who have also shown an interest in our website or who exhibit certain characteristics (e.g. interests in certain topics or products that are determined by the visited websites) that we transmit to Google (so-called “remarketing” or “Google Analytics Audiences”). With the help of remarketing audiences we also aim to ensure that our ads correspond to the potential interests of users.
20. Data protection provisions concerning the deployment and use of Google AdWords
The data controller has integrated Google AdWords in this website. Google AdWords is an internet advertising service that allows advertisers to place ads in Google's search engine results and in the Google advertising network. Google AdWords allows an advertiser to pre-define certain keywords to display an ad in Google's search engine results only when the user uses the search engine to retrieve a keyword-relevant search result. Within the Google advertising network, ads are distributed to thematically relevant websites using an automatic algorithm and using the previously defined keywords.
The operator of Google AdWords services is Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the websites of third parties and in the search engine results of the Google search engine and by displaying third-party advertising on our website.
If a data subject reaches our website via a Google ad, a so-called conversion cookie is stored by Google on the IT system of the data subject. Cookies have been explained above. A conversion cookie becomes invalid after thirty days and is not used to identify the data subject. If the cookie has not yet expired, the conversion cookie is used to determine whether certain sub-pages, such as the shopping basket of an online shop system, have been retrieved on our website. The conversion cookie enables both us and Google to track whether a data subject who has accessed our website via an AdWords ad has generated revenue, i.e. has completed or cancelled a purchase of goods.
The data and information collected through the use of the conversion cookie is used by Google to generate visiting statistics for our website. We use these visiting statistics to determine the total number of users who have been referred to us via AdWords ads, i.e. to determine the success or failure of the respective AdWords ad and to optimise our AdWords ads in future. Neither our company nor other Google AdWords advertisers receive information from Google that could identify the data subject.
The conversion cookie is used to store personal information, such as the websites visited by the data subject. Personal data, including the IP address of the internet connection used by the data subject, is therefore transferred to Google in the United States of America each time this person visits our website. This personal data is stored by Google in the United States of America. Google may disclose personal data collected through the technical process to third parties.
The data subject can prevent the setting of cookies by our website at any time, as described above, by means of a corresponding internet browser setting, and thus permanently block the setting of cookies. Any such internet browser setting used would also prevent Google from setting a conversion cookie on the IT system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the internet browser or other software programs.
Furthermore, the data subject may object to interest-based advertising by Google. To do this, the data subject must access the www.google.de/settings/ads link from each of the internet browsers they use and make the required settings there.
21. Data protection provisions concerning the deployment and use of YouTube
We use YouTube in our website. This is a video portal of YouTube LLC, 901 Cherry Ave, 94066 San Bruno, CA, USA, hereinafter called “YouTube”.
YouTube is a subsidiary of Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter called simply “Google”.
By means of certification in accordance with the EU-US Privacy Shield
Google and consequently its subsidiary YouTube guarantees that EU data protection provisions are also adhered to when data is processed in the USA.
We use YouTube in conjunction with the “Extended Privacy Mode” feature to show you videos. The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in improving the quality of our website. According to YouTube, the “Extended Privacy Mode” function means that the data specified below will only be transmitted to the YouTube server if you actually start a video.
Without this “Extended Privacy Mode”, a connection to the YouTube server in the USA will be established as soon as you access one of our website pages on which a YouTube video is embedded.
This connection is required in order to be able to display the respective video on our website via your internet browser. During the course of this, YouTube will record and process at least your IP address, the date and time as well as the website you visited. In addition, a connection to the Google advertising network “DoubleClick” will be established.
If you are simultaneously logged in to YouTube, YouTube will attribute the connection information to your YouTube account. If you wish to prevent this, you must either log out of YouTube before visiting our website or must perform the appropriate settings in your YouTube user account.
For the purpose of functionality as well as the analysis of usage behaviour, YouTube stores permanent cookies on your device via your internet browser. If you do not agree to this processing, you have the option of preventing the storage of cookies by means of corresponding settings in your internet browser. Further information is provided above under “Cookies”.
Google provides further information about the collection and use of data as well as your associated rights and protective options in data protection notices https://policies.google.com/privacy that can be downloaded.
22. Google Maps
We use Google Maps in our website to display our site as well as to create a route map. This is a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA, hereinafter called simply “Google”.
By means of certification in accordance with the EU-US Privacy Shield
Google guarantees that EU data protection provisions are also adhered to when data is processed in the USA.
To enable the display of certain fonts on our website, a connection to the Google server in the USA is established when our website is accessed.
If you retrieve the Google Maps component integrated into our website, Google stores a cookie on your device via your internet browser. Your user settings and data are processed to display our location and to create a route description. We cannot exclude the possibility that Google uses servers in the USA in this conjunction.
The legal basis is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in optimising the function of our website.
The link to Google established in this manner will enable Google to determine from which website your request has been sent and to which IP address the directions are to be transmitted.
If you do not agree to this processing, you have the option of blocking the installation of cookies by means of corresponding settings in your internet browser. Further details are set out above under in the section on “Cookies”.
In addition, the information obtained through the use of Google Maps and through Google Maps is used in accordance with the Google terms and conditions of use https://policies.google.com/terms?gl=DE&hl=de along with the terms and conditions of business for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.
Google offers additional information.
23. Cooperation with processors and third parties
If we disclose data to other persons and companies (processors or third parties) within the scope of our processing, transmit it to them or otherwise grant them access to the data, this shall only take place on the basis of legal consent (e.g. if a transmission of the data to third parties, such as payment service providers, is necessary in accordance with Art. 6 Para. 1 lit. b GDPR for contract fulfilment), if you have consented, if a legal obligation makes provision for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
If we commission third parties to process data on the basis of a so-called “order processing contract”, this is done on the basis of Art. 28 GDPR.
24. Transmission to third-party countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this shall only take place if this is performed for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual consent, we process or leave the data in a third country only if the special requirements of Art. 44 et seq. GDPR have been met. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the “Privacy Shield”) or compliance with officially recognised special contractual obligations (so-called “standard contractual clauses”).
25. Google Fonts
We integrate the fonts (“Google Fonts”) of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data Protection Declaration: https://www.google.com/policies/privacy/, opt-out: https://adssettings.google.com/authenticated.
26. Legal basis of the processing
In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. Insofar as the legal basis is not specified in the Data Protection Declaration, the following is applicable: The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 GDPR, the legal basis for processing for the performance of our services and performance of contractual measures as well as for answering inquiries is Art. 6 para. 1 lit. b GDPR, the legal basis for processing to fulfil our legal obligations is Art. 6 para. 1 lit. c GDPR, and the legal basis for processing to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR. If vital interests of the data subject or of another natural person make the processing of personal data necessary, Art. 6 Para. 1 lit. d GDPR serves as the legal basis for this.
27. Legitimate interest in the processing pursued by the data controller or a third party
If the processing of personal data is based on Art. 6 I lit. f GDPR, our legitimate interest is in the performance of our business activity in the interest of the wellbeing of all our employees and shareholders.
28. Duration for which the personal data is stored
The criterion for the duration of the storage of personal data is the respective statutory archiving period. Once the deadline has passed, the corresponding data shall routinely be deleted, insofar as this is no longer required to fulfil or initiate the contract.
29. Statutory or contractual provisions concerning the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of failure to provide this
Please be advised that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual regulations (e.g. information about the contracting party). In certain cases, it may be necessary for a contract to be concluded if a data subject provides us with personal data that subsequently needs to be processed by us. For example, the data subject is obliged to provide us with personal data if our company enters into a contract with this individual. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Prior to the provision of personal data by the data subject, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis about whether the provision of personal data is required by law or contract or required for the conclusion of the contract, whether there is an obligation to provide the personal data and what consequences failure to provide the personal data would have.
30. Security measures
We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, implementation costs and the nature, scope, circumstances and purposes of processing as well as the different likelihood of occurrence and severity of the risk to the rights and freedoms of natural persons, in accordance with Art. 32 GDPR.
Such measures shall in particular include ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. We have moreover established procedures to ensure the exercise of rights of data subjects, deletion of data and response to threats to data. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and data protection-friendly presettings (Art. 25 GDPR).
31. Data security
We use the widespread SSL process within the context of website visits (Secure Socket Layer) in conjunction with the respective highest encryption level that is supported by your browser. As a rule, this involves 256 bit encryption. If your browser does not support 256 bit encryption, we use 128 bit v3 technology instead. You can identify whether an individual section of our website is being transmitted in encrypted format by the key or closed padlock symbol in the lower menu bar of your browser.
In other respects, we use appropriate technical and organisational security measures to protect your data from accidental or wilful manipulation, partial or complete loss, destruction or from being accessed by unauthorised third parties.
Our security measures are improved on an ongoing basis in accordance with technological developments.
32. Topicality and amendment of this Data Protection Declaration
This Data Protection Declaration is currently valid and its version is August 2018.
Due to the continued development of our website and associated services, or on the grounds of amended statutory or official provisions, it may be necessary to amend this Data Protection Declaration.
You can access and print out the respective current Data Protection Declaration from the website under http://www.duespohl.de/en/privacy/.