DENIOS AG
Dehmer Strasse 58-66
32549 Bad Oeynhausen
br>Tel.: +49 5731753-0
Email: info@denios.ie
Internet: www.denios.ie

DATA PROTECTION

PRIVACY POLICY

1. Introduction

With the following information, we wish to provide you as a "data subject" with an overview of how your personal data are processed by us and your rights under the data protection laws. In principle our websites can be used without entering personal data. However, if you wish to use particular services offered by our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent.

The processing of personal data, such as your name, address or e-mail address, will always be in line with the General Data Protection Regulation (GDPR) and in accordance with the country-specific data protection provisions applicable to DENIOS SE. The purpose of this privacy policy, is to inform you about the scope and purpose of the personal data collected, used, and processed by us.

As the controller, we have taken numerous technical and organisational measures to ensure the most comprehensive protection of personal data processed through this website. Nevertheless, internet-based data transmissions can always have security vulnerabilities so that absolute protection cannot be guaranteed. For this reason you also have the right to submit personal data to us by alternative means, for example by telephone or by post.

2. Controller

The controller within the meaning of the GDPR is essentially:

DENIOS SE, Dehmer Straße 54-66, 32549 Bad Oeynhausen, Telephone: 05731 753-0, Fax: 05731 753-199, E-Mail: info@denios.de

We also use our domestic and foreign subsidiaries in certain cases to deal with your enquiries and orders, and for sales and advertising purposes. An overview of our subsidiaries can be found at https://www.denios.de/unternehmen/denios-weltweit/.

3. Data protection officer

The data protection officer can be reached at the following address: datenschutz-denios@audatis.de

Our data protection officer can be contacted directly at any time for questions or comments you may have regarding data protection.

4. Definitions

This privacy policy is based on the terms used by the European legislature when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily read and understood by the public, and by our customers and business partners. To ensure this, we would like to begin with an explanation of the terms used.

We use the following terms, among others, in this privacy policy:

4.1. Personal data

Personal data means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

4.2. Data subject

A data subject is any identified or identifiable natural person whose personal data are processed by the controller (our company).

4.3. Processing

Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4.4. Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

4.5. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

4.6. Pseudonymisation

Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

4.7. Controller

Controller means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

4.8. Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

4.9. Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

4.10. Consent

Consent means any freely given and informed indication of the data subject's wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

5. Legal basis of the processing

Article 6(1) a) GDPR (in conjunction with Section 15, paragraph 3 TMG [German Telemedia Act]) serves as the legal basis on which our company performs processing operations in relation to which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party as is the case, for example, with processing operations that are necessary for the delivery of goods or performance of contractual obligations, the processing is based on Article 6(1) b) GDPR. The same applies to processing operations that are necessary for the implementation of pre-contractual measures, for example in the case of enquiries about our products or services.

If our company is subject to a legal obligation by which the processing of personal data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Article 6(1) c) GDPR.

In rare cases, the processing of personal data may become necessary to protect vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and as a result their name, age, health insurance details or other vital information needed to be passed on to a doctor, hospital or other third party. Then the processing would be based on Article 6(1) d) GDPR.

Lastly, processing operations could be based on Article 6(1) f) DS-GVO. Processing operations which are not covered by any of the aforementioned legal bases use this as a legal basis if the processing is necessary to protect a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject are not overridden. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, the view was that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2 of the GDPR).

6. Transfer of data to third parties

Your personal data will not be transferred to third parties for purposes other than those listed below.

We will only pass on your personal data to third parties if:

  1. you have given your explicit consent in accordance with Article 6(1) a) GDPR;

  2. passing on is permissible in accordance with Article 6(1) f) GDPR to protect our legitimate interests and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,

  3. in the event that a legal obligation exists for the disclosure pursuant to Article 6(1) c) GDPR; and

  4. this is legally permissible and necessary according to Article 6(1) b) GDPR for the conducting of contractual relations with you.

As DENIOS is a globally active company, it may be necessary to pass on your personal data to local subsidiaries or sales and business partners, whose registered offices may also be outside the European Economic Area, in order to better deal with a matter for you or to safeguard our legitimate interests.

A transfer of your personal data to third countries takes place on the basis of the standard contractual clauses if there is no adequacy decision of the European Commission for the third country in question.

The standard contractual clauses are available for download at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?uri=CELEX%3A32021D0914&locale=en.

An overview of all the European Commission's adequacy decisions can be found at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_de.

7. Technology

7.1 SSL/TLS encryption

This site uses SSL or TLS encryption to ensure the security of data processing and to protect the transfer of confidential content, such as orders, login data or contact requests that you send to us as the operator. An encrypted connection is recognisable by the fact that there is a "https://" instead of a "http://" in the address line of the browser and by the padlock symbol in your browser bar.

We use this technology to protect your transferred data.

7.2 Data collection when visiting the website

When you use our website for information purposes only, i.e. if you do not register or otherwise transfer information to us, we only collect the data that your browser transfers to our server (in server log files). Our website collects a series of general data and information each time you or an automated system access a page. These general data and information are stored in the server's log files. The following can be recorded

  1. browser types and versions used;

  2. the operating system used by the accessing system;

  3. the website from which an accessing system arrives at our website (known as the referrer);

  4. the sub-websites that are accessed via an accessing system on our website;

  5. the date and time of access to the website;

  6. an Internet protocol (IP) address;

  7. the Internet service provider of the accessing system.

When using these general data and information, we do not draw any conclusions about you as a person. Rather, this information is needed to

  1. deliver the content of our website correctly;

  2. optimise the content of our website and the advertising for it;

  3. ensure the permanent operability of our IT systems and the technology of our website; and

  4. to provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyber-attack.

Therefore, the data and information collected will be used by us for statistical purposes only and with the aim of increasing the data protection and data security of our company to ensure an optimal level of protection for the personal data we process. The server log file data are stored separately from any personal data provided by a data subject.

The legal basis for the data processing is Article 6(1) f) GDPR. Our legitimate interest derives from the data collection purposes listed above.

7.3 Google reCaptcha

On this website we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This function is primarily used to distinguish whether an input is performed by a natural person or improperly by automated machine processing. The service also includes the sending to Google of the IP address and any other data required by Google for the reCAPTCHA service.

These processing operations are only carried out when explicit consent is given in accordance with Article 6(1) a) GDPR.

Further information on Google reCAPTCHA and Google's privacy policy can be found at https://www.google.com/intl/de/policies/privacy/

7.4 Amazon Web Services - AWS (Hosting)

Our website is hosted by Amazon Web Services (AWS). The provider is Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg.

When you visit our website, your personal data are processed on AWS servers. As part of this, personal data may also be passed on to the parent company of AWS in the USA. Data transfer to the USA is based on the EU standard contractual clauses. Details can be found at https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

The use of AWS is based on Article 6(1) f) GDPR. We have a legitimate interest in ensuring that representation of our website is as reliable as possible.

We have concluded an order processing contract with AWS. This is a contract required by data protection law, which ensures that AWS only processes the personal data of our website visitors in accordance with our instructions and in compliance with GDPR.

For more information on AWS's privacy policy, please visit https://aws.amazon.com/de/privacy/?nc1=f_pr.

7.5 Consent Management Platform (CMP) from OneTrust

This website uses the CMP of OneTrust. The recipient of your data within the meaning of Article 13(1) e) GDPR is OneTrust, LLC, 1350 Spring St NW, Atlanta, GA 30309, USA.

We transfer personal data (consent data) in connection with order processing. Consent data means the following data:

  • the request URLs of the website

  • device information

  • browser information

  • anonymised IP address

  • opt-in and opt-out data

  • date and time of the visit

  • request URLs of the website

  • page path of the website

  • geographical location

Data are processed for the purpose of compliance with legal obligations (duty of proof pursuant to Article 7(1) GDPR and the associated documentation of consents and thus on the basis of Article 6(1) c) GDPR. Local storage is used to store the data.

The functionality of the website is not guaranteed without the described processing. There is no possibility for the user to object as long as there is a legal obligation to obtain the user's consent for certain data processing operations (Articles 7(1), 6(1) c) GDPR.

For more information on OneTrust visit https://www.onetrust.de/datenschutzerklaerung/.

8. Cookies

8.1 General information about cookies

We use cookies on our website. These are small files that are automatically created by your browser and stored on your IT system (laptop, tablet, smartphone or similar) when you visit our site.

The cookie stores information that arises in each case in connection with the specific terminal device used. However, this does not mean that we know your identity immediately.

The use of cookies serves on the one hand to make the use of our service more convenient for you. We use what are known as session cookies to identify that you have already visited individual pages of our website. These are automatically deleted once you leave our site.

Furthermore, in order to optimise user-friendliness, we use temporary cookies which are stored on your terminal device for a certain set time. If you visit our site again to use our services, it is automatically identified that you have previously visited us together with your inputs and settings so that you do not have to enter them again.

On the other hand, we use cookies to gather statistics on the use of our website and to evaluate it for the purpose of optimising our service for you. These cookies enable us to automatically identify that you have previously visited our site when you return. These cookies are automatically deleted after a set time.

8.2 Legal basis for the use of cookies

The data processed by cookies, which are required for the correct functioning of the website, are necessary to protect our legitimate interests as well as those of third parties in accordance with Article 6(1) f) GDPR.

The processing of your personal data via our consent cookie (OneTrust) is carried out in order to map and prove your consent to the delivery of technically unnecessary cookies and thus for the purpose of complying with the applicable legal provisions of Article 6(1) c) GDPR.

For all other cookies, you must have given your consent to this within the meaning of Article 6(1) a) GDPR via our opt-in cookie banner.

9. Content of our website

9.1 Registration of a customer account

You have the option of registering on our website by providing personal data.

The personal data that are transferred to us in the process are the result of the particular input mask that is used for registration.

Essentially, the following data are involved:

  • First name, last name

  • Billing and delivery address

  • E-mail address

  • Billing and payment details

  • Date of birth, if appropriate

  • Telephone number, if appropriate

The personal data you enter are collected and stored exclusively for internal use by us and for our own purposes. We may arrange for the transfer to one or more processors, for example a parcel service provider, who will also use the personal data exclusively for internal purposes attributable to us.

When registering on our website, the IP address assigned by your Internet service provider (ISP), and the date and the time of registration, are also stored. These data are stored because this is the only way to prevent abuse of our services and, if necessary, to enable us to shed light on criminal offences that have been committed. In this respect, the storage of these data is necessary for our protection. Essentially, these data are not passed on to third parties unless there is a legal obligation to do so or the passing on is for the purpose of criminal prosecution.

Your registration and voluntary provision of personal data also help us to offer you content or services which, due to the particular nature of these, can only be offered to registered users. Registered persons are free to change the personal data provided during registration at any time or to have it completely erased from our database.

We will provide you with information on the personal data stored about you at any time upon request. Furthermore, we will rectify or erase personal data at your request, provided this does not conflict with any statutory retention obligations. The data protection officer named in this data protection policy and all other employees may be contacted by the data subject in this connection.

Your data are processed to allow convenience and ease of use of our website. This constitutes a legitimate interest within the meaning of Article 6(1) f) GDPR.

To allow the use of your e-mail address to set up the account, we will also send you a confirmation e-mail on the basis of Article 6(1) c) GDPR.

9.2 Data processing for contract execution purposes

Pursuant to Article 6(1) b) GDPR, personal data are collected and processed if you provide them for the performance of a contract. The data collected are shown on the respective web forms. We store and use the data you provide for contract execution purposes. Once the contract has been fully executed, the tax and commercial law retention periods for your data will begin and upon expiry of these they will be erased, unless you have explicitly consented to a further use of your data or a legally permitted further use of data has been reserved on our part, about which we inform you accordingly below.

The personal data collected by us will be passed on to the transport company commissioned with the delivery as part of the contract execution, insofar as this is necessary for the delivery of the goods. We pass on your payment data to the credit institution we use for payment processing, where this is necessary for that process. Where payment service providers are used, explicit information about this is provided below. The legal basis for the transfer of data is Article 6(1) b) GDPR.

9.3 PAQATO

When your goods are shipped, the order header data are processed to track the shipment and identify GDPR problem cases. The user's details are stored and processed in the PAQATO dispatch analysis system of PAQATO GmbH, Johann-Krane-Weg 6, 48149 Münster, Federal Republic of Germany. The described processing activities are performed to allow delivery of the goods more quickly and without errors and to ensure smooth communication and are carried out on the basis of our legitimate interest in providing the corresponding services (Article 6(1) f) GDPR). We erase the data as soon as they are no longer necessary. We review the necessity every two years; the legal archiving obligations also apply.

9.4 Data processing for identity checking

Where necessary, we verify your identity on the legal basis of Article 6(1) b) and f) GDPR by using information from service providers. This is justified for the protection of your identity and prevention of attempted fraud at our expense. The fact and the outcome of our enquiry will be added to your customer account or your guest account for the duration of the contractual relationship.

9.5 Data processing for credit screening and scoring

If we make advance payments, e.g. in the case of a purchase on account, we reserve the right to obtain a credit report from specialised service providers (credit agencies) in order to protect our legitimate interests. For this purpose, we will transfer your personal data required for a credit assessment to the following company(ies):

Creditsafe Deutschland GmbH

Schreiberhauer Straße 30

10317 Berlin

The credit report may contain probability data (scores) which are calculated on the basis of scientifically recognised mathematical-statistical methods and the calculation of which includes address data. We use the information received about the statistical probability of a payment default to reach a balanced decision on the basis, implementation or termination of the contractual relationship. Your legitimate interests will be taken into account in accordance with the statutory provisions.

The legal basis for these transfers is Article 6(1) b) and Article 6(1) f) GDPR. Our legitimate interest is the protection of our company against payment defaults.

9.6 Contact/Contact form

Personal data are collected when you contact us (e.g. via contact form or e-mail). The data collected in the case of a contact form are shown on the respective contact form. These data are stored and used exclusively for the purpose of dealing with your enquiry or for contacting you, and for the associated technical administration. The legal basis for the processing of the data is our legitimate interest in responding to your enquiry in accordance with Article 6(1) f) GDPR. If your contact is aimed at the conclusion of a contract, a further legal basis for the processing is Article 6(1) b) GDPR. Your data will be deleted after your enquiry has been processed. This is the case if the circumstances indicate that the matter in question has been conclusively settled and provided that there are no statutory retention obligations to the contrary.

10. Data processing for advertising purposes

10.1 Own advertising purposes and advertising purposes of third parties/interest-based advertising

If you have concluded a contract with us or have asked for advertising material to be sent to you, we will list you as an existing or prospective customer. In such cases, we process your data in order to send you information about new products and services in this way. This processing is carried out on the basis of Article 6(1) f) GDPR if and insofar as not otherwise stated in this privacy policy.

To ensure that you only receive advertising information that is of presumed interest to you, we categorise and add further information to your customer profile on the basis of Article 6(1) f) GDPR. Both statistical information and information about you personally (e.g. basic data from your customer profile) are used for this purpose. The aim is to send you advertising material geared solely to your actual or presumed needs and accordingly not to bother you with unnecessary advertising.

We erase your personal data as soon as it is no longer required for achieving its purpose, but at the latest upon expiry of the applicable statutory retention periods.

If you object, the contact address concerned will be blocked for further data processing for advertising purposes. We would like to point out that in exceptional cases, advertising material may still be sent for a short time after receipt of your objection. This is due to the technical lead time required for advertising activities and does not mean that we will not act on your objection.

10.2 Newsletter distribution to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we may periodically e-mail you offers for goods or services similar to those you have already purchased from our range. In accordance with Section 7(3) of the German Unfair Competition Act (UWG), we do not need to obtain separate consent from you for this. The legal basis for the processing of the data is our legitimate interest in personalised direct advertising in accordance with Article 6(1) f) GDPR. If you have initially objected to the use of your e-mail address for this purpose, we will not send you any e-mails. You may, of course, object to the use of your e-mail address for advertising purposes at any later time.

Upon receipt of your objection, the use of your e-mail address for advertising purposes will cease immediately. For your objection regarding the use of your e-mail address, you will only incur transmission costs at the basic rates.

10.3 Information e-mail on the digital catalogue

If you have provided us with your contact details at www.denios.de/digitaler-katalog, we will send you an information e-mail on a regular basis (usually at least once a year) informing you about our latest main catalogue and giving you access to our digital catalogue.

This information is provided on the basis of our legitimate interest in sending you information about our current product portfolio and our current prices. The legal basis for the data processing is Article 6(1) f) GDPR.

The personal data collected in the course of registration for the information e-mail is used to send said information e-mail and to enable access to our digital catalogue. Furthermore, subscribers to the information e-mail may receive information by e-mail if this is necessary for the operation of the relevant services. This may be the case, for example, if the technical conditions change.

No personal data collected in the course of registration for the information e-mail will be passed on to third parties. You can object to receiving future information e-mails from us at any time. Please feel free to send your objection to datenschutz-denios@audatis.de.

10.4 Advertising newsletter

On our website, you are given the option to subscribe to our company newsletter. The personal data that are transferred to us in the process come from the particular input mask that is used for registration.

We inform our customers and business partners about our offers at regular intervals by means of a newsletter. You can only receive our company newsletter if

  1. you have a valid e-mail address and

  2. you have registered for newsletter distribution.

For legal reasons, a confirmation e-mail will be sent to the e-mail address you provided initially for the newsletter distribution using the double opt-in procedure. This confirmation e-mail is used to check whether you, as the owner of the e-mail address, have authorised receipt of the newsletter.

When you register for the newsletter, we also store the IP address of the IT system used to register which is assigned by your internet service provider (ISP), as well as the date and time of registration. The collection of these data is necessary in order to be able to trace (possible) misuse of your e-mail address at a later date and therefore serves for our legal protection.

The personal data collected in connection with the registration for the newsletter are used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter may be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as may be the case in the event of changes to the newsletter service or a change in the technical circumstances. No personal data collected in the course of registration for the information e-mail will be passed on to third parties. You can cancel your subscription to our newsletter at any time. The consent to the storage of personal data that you have given us for the newsletter distribution can be withdrawn at any time. A link can be found in each newsletter for the purpose of withdrawing consent. Furthermore, it is also possible to unsubscribe from the newsletter distribution at any time directly on our website or to inform us of this in another way. You will incur no additional costs from your withdrawal, other than the transmission costs according to the basic rates.

The legal basis for data processing for the purpose of newsletter distribution is, in the case of your registration to receive the newsletter, Article 6(1) a) GDPR.

Further information on the DENIOS SE newsletter as well as examples of previous newsletter content can be found at https://www.denios.de/newsletter/.

10.5 Episerver

We use Episerver to send out newsletters. The provider is Episerver GmbH, Wallstraße 16, 10179 Berlin. Episerver is a service that can be used to organise and analyse newsletter distribution. The data entered to subscribe to the newsletter (e.g. e-mail address) are stored on Episerver's servers.

Our newsletters sent with Episerver allow us to analyse the behaviour of newsletter recipients. Among other things, it is possible to analyse how many recipients have opened the newsletter message and how often a particular link in the newsletter was clicked. With the help of what is known as conversion tracking, it is also possible to analyse whether a predefined action (e.g. purchase of a product on our website) has taken place after clicking on the link in the newsletter.

In the case of sending our newsletter to our existing customers (section 10.2), the analysis is carried out on the basis of our legitimate interest in determining the success of our newsletter and optimising its content (Article 6(1) f) GDPR). If you register to receive our newsletter (section 10.3), the analysis will be carried out on the basis of your consent given during registration (Article 6(1) a) GDPR).

If you do not want any analysis via Episerver, you must unsubscribe from the newsletter. We provide a link for this in every newsletter message. Furthermore, you can also unsubscribe from the newsletter directly on the website.

The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter and will be blocked on our servers as well as on the servers of Episerver for the further sending of newsletters once you have cancelled. Should you also wish to have your data erased for newsletter purposes, please let us know. Data stored by us for other purposes (e.g. e-mail addresses for the members' area) remain unaffected by this.

For more details, please see Episerver's privacy policy at https://www.episerver.com/de/legal/datenschutz

10.6 Cooperation with our subsidiaries for advertising purposes

In order to safeguard the legitimate interests of the DENIOS Group pursuant to Article 6(1) f) GDPR in the optimisation of the advertising and sales market presence of our corporate headquarters and our subsidiaries, it may be necessary for us to share certain personal data within the DENIOS Group. This concerns in particular possible contact data, information about your interests and your customer profile and about your use of our products and services.

10.7. Obtaining of expert publications

The personal data provided in the context of the free ordering of DENIOS expert publications will be used by the DENIOS Group for the purpose of sending the DENIOS newsletter and for postal and/or telephone contact by DENIOS to provide information on products and services of the DENIOS Group.

The use of personal data for the purposes described is the contractually stipulated and necessary compensation of DENIOS for the free provision of the download (payment for the expert publication with personal data).

The respective document can only be provided free of charge due to the possibility of promotional use of the personal data. For this reason, additional consent to receipt of the newsletter and/or to said further advertising measures is not required. The legal basis of the processing is Article (6)(1) b) GDPR.

You can object to receiving advertising information by e-mail, post or telephone at any time by sending informal notice to DENIOS (e-mail: info@denios.de, telephone: 05731 753-0). No further use of the data for advertising will be made after the objection. By exercising your right of objection, you will not incur any costs other than the transmission costs at the basic rates.

Further information on the DENIOS SE newsletter as well as examples of previous newsletter content can be found at https://www.denios.de/newsletter/.

12. Our activities on social networks

So that we can also communicate with you on social networks and inform you about our services, we have a presence there through our own pages. If you visit one of our social media pages, we are a controller together with the provider of the respective social media platform within the meaning of Article 26 GDPR with regard to the processing operations resulting therefrom involving personal data.

We are not the original provider of these pages, but merely use them according to the options made available to us by the respective providers.

Therefore, as a precaution, we would point out that your data may also be processed outside the European Union or the European Economic Area. Use may therefore have data protection risks for you, as it may be more difficult to protect your rights, e.g. to information, erasure, objection, etc., and processing in the social networks is often carried out directly for advertising purposes or to analyse user behaviour by the providers, without us being able to influence this. If usage profiles are created by the provider, cookies are often used, or the user behaviour is directly assigned to your own member profile of the social networks (if you are logged in here).

The personal data processing operations described are carried out in accordance with Article 6(1) f) GDPR on the basis of our legitimate interest and the legitimate interest of the respective provider to be able to communicate with you in a timely manner or to inform you about our services. If you have to give your consent to data processing as a user to the respective providers, the legal basis relates to Article 6(1) a) GDPR in conjunction with Article 7 GDPR.

As we do not have access to the providers' databases, we would point out that it is best to exercise your rights (e.g. to information, rectification, erasure, etc.) directly with the respective provider. Further information on the processing of your data on the social networks and the option to use your right of objection or revocation (opt-out) is provided below for the respective providers of the social networks used by us:

12.1 Facebook

(Joint) data controller in Europe:

Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (Data policy): https://www.facebook.com/about/privacy

Opt-out and advertising settings:

https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

https://de-de.facebook.com/about/privacy/

12.2 Instagram

(Joint) data controller in Germany:

Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland

Privacy policy (data policy): http://instagram.com/legal/privacy/

Opt-out and advertising settings:

https://www.instagram.com/accounts/privacy_and_security/

12.3 LinkedIn

(Joint) data controller in Europe:

LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland

Privacy policy: https://www.linkedin.com/legal/privacy-policy

Opt-out and advertising settings:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

12.4 Twitter

(Joint) data controller in Europe:

Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland

Privacy policy: https://twitter.com/de/privacy

Information about your data:

https://twitter.com/settings/your_twitter_data

Opt-out and advertising settings:

https://twitter.com/personalization

12.5 YouTube

(Joint) data controller in Europe:

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

Privacy policy: https://policies.google.com/privacy

Opt-out and advertising settings:

https://adssettings.google.com/authenticated

13. Web analysis

13.1 econda

13.1.1 econda (Cookie)

We have incorporated components from the econda company in this website. Econda is a web analysis service. Web analysis is the collection, collation and evaluation of data about the behaviour of visitors to websites. A web analysis service collects, among other things, data about the website from which a data subject has accessed a website (referrer), which sub-pages of the website have been accessed or how often and for how long a sub-page has been viewed. A web analysis is mainly used to optimise a website and for a cost-benefit analysis of internet advertising.

The operating company of econda is econda GmbH, Zimmerstr. 6, 76137 Karlsruhe, Germany.

Econda sets a cookie in your IT system. Each time you access one of the individual pages of this website that is operated by us and into which an econda component has been integrated, the internet browser on your IT system is automatically prompted by the respective econda component to transfer data to econda for marketing and optimisation purposes. As part of this technical procedure, econda obtains knowledge of data that is subsequently used to create pseudonymous usage profiles. The usage profiles obtained in this way are used to analyse your behaviour and are evaluated with the aim of improving and optimising our website. The data collected via the econda component will not be used to identify you without first obtaining your separate and explicit consent. These data will not be merged with personal data or with other data containing the same pseudonym.

You can prevent the setting of cookies by our website at any time by means of a corresponding setting in the Internet browser used and thus permanently object to the setting of cookies. Such a setting of the Internet browser used will also prevent econda from setting a cookie in your IT system. In addition, cookies already set by econda can be deleted at any time via an Internet browser or other software programmes.

Furthermore, you have the option of objecting to the collection of data generated by the econda cookie and related to the use of this website, as well as to the processing of these data by econda, and to prevent such processing. To do this, you must press the send button on the link https://www.econda.de/econda/unternehmen/datenschutz/widerspruchscookie/, which sets the opt-out cookie. The opt-out cookie set with the objection is stored on your IT system. If the cookies on your IT system are deleted after an objection, you must click the link again and set a new opt-out cookie.

With the setting of the opt-out cookie, however, there is the possibility that you will no longer be able to fully use our Internet pages.

You can also prevent the saving of cookies by setting your web browser accordingly. You can further prevent the storage and transmission of personal data by deactivating JavaScript in your web browser or installing a JavaScript blocker (e.g. https://noscript.net or https://www.ghostery.com). We would point out that these measures may result in not all functions of our website being available.

The processing operations by eConda are carried out exclusively when explicit consent is given in accordance with Article 6(1) a) GDPR via our cookie banner.

The applicable privacy policy of econda can be found at https://www.econda.de/econda/unternehmen/datenschutz/datenschutzerklaerung/.

13.1.2 Econda Crossell

We have incorporated components from the econda company in this website. The operating company of econda is econda GmbH, Zimmerstr. 6, 76137 Karlsruhe, Germany.

Econda Cross Sell is a SaaS tool that integrates product recommendations and other dynamic content into websites or online shops. These include recommendations of alternative products on product detail pages or the listing of top sellers on category overview pages.

The following data are used to calculate the dynamic content:

  • Information from the context of the current page.

No personal data are used in doing so and there is no access to the terminal device's memory.

  • Statistics on associations between products and their properties.

These are calculated from historical movement data, among other things. For the collection of movement data, the anonymous measurement of econda Analytics is used and pseudonymised user profiles are created. Cookies are set for this purpose, which process data that enable your browser to be recognised. Among other things, your IP address. This is anonymised immediately upon receipt, so that it is not possible to assign the usage profiles to the IP addresses.

The legal basis for this data processing (data collection with Econda Analytics) is your consent pursuant to Article 6(1) a) GDPR.

If consent has been requested, the processing of the data is based on Article 6(1) a) GDPR. Otherwise, the use pursuant to Article 6(1) f) GDPR is based on our legitimate economic interest in being able to offer our services in a targeted manner and thus generate sales.

Your data are processed by our contractor econda GmbH on the basis of an order processing contract. The contractor will not use the data for its own purposes and will not pass them on to third parties. The data are stored until the purpose of the data processing no longer applies.

You can view eConda's privacy policy at: https://www.econda.de/econda/unternehmen/datenschutz/datenschutzerklaerung/.

13.2 Use of Google products

13.2.1 Google Tag Manager

This website uses Google Tag Manager, a cookie-less domain that does not collect any personal data.

With this tool, "website tags" (i.e. keywords that are integrated into HTML elements) can be implemented and managed via an interface. By using the Google Tag Manager, we can automatically track which button, link or personalised image you have actively clicked on, and can then record which contents of our website are of particular interest to you.

The tool also activates other tags, which in turn may collect data. Google Tag Manager does not access these data. If you have deactivated at domain or cookie level, this will remain in place for all tracking tags implemented with Google Tag Manager.

These processing operations are only carried out when explicit consent is given in accordance with Article 6(1) a) GDPR.

13.2.2 Google Analytics

Our websites use Google Analytics, a web analytics service provided by Google Ireland Limited (https://www.google.de/intl/de/about/) (Gordon House, Barrow Street, Dublin 4, Ireland, hereafter "Google"). In this context, pseudonymised usage profiles are created and cookies (see section on "Cookies") are used. The information generated by the cookie about your use of this website, such as your

  1. browser type/version,

  2. operating system used,

  3. referrer URL (the previously visited page),

  4. host name of the accessing computer (IP address),

  5. time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on website activity and to provide other services associated with website and internet use for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process these data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that no attribution is possible (IP masking).

You can adjust the settings of your browser to prevent the installation of cookies; however, we would like to point out that you may then not be able to fully use all the features of this website.

These processing operations are only carried out when explicit consent is given via our cookie banner in accordance with Article 6(1) a) GDPR.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of these data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent the collection by Google Analytics by clicking on the following link: Deactivate Google Analytics. An opt-out cookie will be set to prevent future collection of your data when visiting this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in Google Analytics Help (https://support.google.com/analytics/answer/6004245?hl=de).

13.2.3 Google Ads

Our website uses the functions of Google Ads, with which we advertise this website in Google search results, and on third-party websites. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). For this purpose, Google sets a cookie in the browser of your terminal device, which automatically enables interest-based advertising by means of a pseudonymous cookie ID and on the basis of the pages you visit.

These processing operations are only carried out when explicit consent is given in accordance with Article 6(1) a) GDPR.

Additional data processing will only take place if you have consented to Google linking your web and app browsing history to your Google Account and using information from your Google Account to personalise ads you view on the web. In this case, if you are logged in to Google while visiting our website, Google will use your data together with Google Analytics data to create and define target group lists for cross-device remarketing. For this purpose, your personal data will be temporarily linked by Google with Google Analytics data in order to form target groups.

You can permanently deactivate the setting of cookies for advertising preferences by downloading and installing the browser plug-in available at the following link: https://www.google.com/settings/ads/onweb/

Alternatively, you can obtain information from the Digital Advertising Alliance at the Internet address www.aboutads.info about the setting of cookies and make settings for this. Finally, you can set your browser so that you are informed about the setting of cookies and decide individually about their acceptance or exclude the acceptance of cookies for certain cases or in general. If you do not accept cookies, the functionality of our website may be limited.

Further information and the data protection regulations regarding advertising and Google can be viewed here: https://www.google.com/policies/technologies/ads/

13.2.4. Double-Click

This website contains components of DoubleClick by Google. DoubleClick is a Google trademark (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), under which special online marketing solutions are marketed to advertising agencies and publishers.

DoubleClick by Google transfers data to the DoubleClick server with each press as well as with clicks or other activities. Each of these data transfers initiates a cookie request to your browser. If the browser accepts this request, DoubleClick sets a cookie on your IT system. The purpose of the cookie is to optimise and fade-in advertising. The cookie is used, among other things, to place and display user-relevant advertising and to create reports on or improve advertising campaigns. The cookie also serves to avoid multiple fade-ins of the same advertisement.

DoubleClick uses a cookie ID, which is necessary for performing the technical procedure. The cookie ID is needed, for example, to display an advertisement in a browser. DoubleClick can also use the cookie ID to record which advertisements have already been blended-in in a browser to avoid duplicate placements. Furthermore, the cookie ID enables DoubleClick to record conversions.

A cookie from DoubleClick does not contain any personal data. However, a DoubleClick cookie can contain additional campaign identifiers. A campaign identifier is used to identify the campaigns with which you have already been in contact.

Each time you visit one of the individual pages of this website that is operated by us and in which a DoubleClick component has been integrated, the internet browser on your IT system is automatically prompted by the respective DoubleClick component to transfer data to Google for online advertising and the calculation of commission. As part of this technical process, Google obtains knowledge of data that Google also uses to generate commission statements. Among other things, Google can track that you have clicked on certain links on our website.

You can prevent DoubleClick and our website from setting cookies at any time by adjusting your internet browser settings accordingly. In addition, cookies that have already been set can be deleted at any time via the Internet browser or other software programmes.

The use of DoubleClick is based on your consent to the stated processing operations (Article 6(1) a) GDPR).

Further information and the applicable data protection provisions of DoubleClick by Google can be found at https://www.google.com/intl/de/policies/.

13.3 WiredMinds

Our website uses the pixel-counting technology of WiredMinds GmbH (www.wiredminds.de) to analyse visitor behaviour.

In doing so, the IP address of a visitor is processed. The processing is carried out solely for the purpose of collecting corporate oriented information such as the company name.

IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is never stored in LeadLab.

When processing data, it is in our particular interest to safeguard the data protection rights of natural persons. Our interest is based on Article 6(1) f) GDPR. The data we collect does not allow any conclusion to be drawn about an identifiable person at any time.

WiredMinds GmbH uses this information to compile anonymous usage profiles relating to visitor behaviour on our website. The data obtained in this way are not used to personally identify the visitor to our website.

Exclude from tracking

13.4 FACT-Finder

A Java-Script code from Omikron Data Quality GmbH, Habermehlstr. 17, 75172 Pforzheim, Germany is incorporated into our website (known as FACT-Finder). We use FACT-Finder to make it easier for you to find our products in the shop. Our use of the FACT Finder and the associated data processing serve our legitimate interest in providing you with the best possible customer experience in our shop. The legal basis for the processing is Article 6(1) f) GDPR.

13.5 Hotjar

This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: www.hotjar.com).

Hotjar is a tool used to analyse your user behaviour on this website. With Hotjar, we can record your mouse and scroll movements and clicks, among other things. Hotjar can also determine how long you have stayed with the mouse pointer on a certain spot. From this information, Hotjar creates what are known as heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.

Furthermore, we can determine how long you stayed on a page and when you left it. We can also determine at which point you abandoned your entries in a contact form (known as conversion funnels). Hotjar can also be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

Hotjar uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. They serve to make our offer more user-friendly, effective and secure. These cookies can be used in particular to determine whether this website has been visited with a particular terminal device or whether the Hotjar functions have been deactivated for the browser in question. Hotjar cookies remain on your terminal device until you delete them.

You can configure your browser to inform you about the setting of cookies so that you can accept or reject cookies on an individual basis, to automatically accept cookies under certain conditions or always reject them, and to automatically delete cookies when you close your browser. If cookies are deactivated, the functionality of this website may be limited.

The use of Hotjar and the storage of Hotjar cookies is based on Article 6(1) a) GDPR.

13.6 Bing Ads

On the Website, we use technology from Bing Ads (bingads.microsoft.com), which is provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft"). Microsoft sets a cookie on your terminal device if you have accessed our website via a Microsoft Bing ad. This allows Microsoft and us to recognise that someone has clicked on an ad, been redirected to our website and reached a pre-determined landing page ("conversion site"). We only learn the total number of users who clicked on a Bing ad and were then directed to the conversion site. Microsoft collects, processes and uses information via the cookie, from which usage profiles are created using pseudonyms. These usage profiles serve to analyse visitor behaviour and are used to display advertisements. No personal information about the identity of the user is processed.

If you do not want information about your behaviour to be used by Microsoft as explained above, you can refuse the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website, as well as the processing of these data by Microsoft, by clicking on the following link https://choice.microsoft.com/de-DE/opt-out to register your objection. For more information on data protection and the cookies used by Microsoft and Bing Ads, please visit the Microsoft website https://privacy.microsoft.com/de-de/privacystatement.

The use of Bing Ads and the storage of the Bing cookie is based on Article 6(1) a) GDPR.

13.7 LinkedIn Analytics and LinkedIn Ads

The LinkedIn Insight Tag of LinkedIn Ireland Unlimited Company is integrated into this website. This tool creates a cookie in your web browser, which allows in particular the collection of the IP address, device and browser properties and page events.

Use of the LinkedIn Insight Tag enables the display of personalised advertisements to visitors to this website on LinkedIn. The option also exists to create anonymous reports on the performance of the advertisements as well as information on website interaction.

LinkedIn does not share any personal data with us.

Please see LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy for more information on data collection and use, and the options and rights for protecting your privacy. If you are logged in to LinkedIn, you can deactivate the data collection at any time using the following link: https://www.linkedin.com/psettings/enhanced-advertising.

These processing operations are only carried out when explicit consent is given in accordance with Article 6(1) a) GDPR.

13.8 Visual Website Optimizer

On this website we use the Visual Website Optimizer service. The operating company is Wingify Software Private Limited, 404, Gopal Heights, Netaji Subhash Place, Pitam Pura, Delhi 110034, India.

Visual Website Optimizer allows you to track the effects of various changes to a website (e.g. changes to the input fields, the design, etc.) within the context of what is known as "A/B testing".

If consent is given, the following data may be transmitted to VWO:

  • Click paths

  • (Anonymised) IP address

  • Use of elements

  • Duration of the website visit

  • Browser information

  • Location

  • Date and time of the visit

  • Device operating system

These processing operations are only carried out when explicit consent is given in accordance with Article 6(1) a) GDPR. If you do not want the data mentioned to be collected and processed via VWO, you can refuse your consent or revoke it at any time with effect for the future.

Further information on Visual Website Optimizer can be found at: https://vwo.com/privacy-policy/.

If you do not want the Visual Website Optimizer to record your usage behaviour, you can object to the data collection using this link https://www.denios.de/?vwo_opt_out=1

14. YouTube

We have integrated components from YouTube into this website. YouTube is an Internet video portal that allows video publishers to post video clips free of charge and other users to view, rate and comment on them free of charge. YouTube permits the publication of all types of videos, which is why complete film and television programmes, music videos, trailers, and videos produced by users themselves can be retrieved via the online portal.

YouTube is operated by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Each time you access one of the individual pages of this website operated by us into which a YouTube component (YouTube video) has been integrated, the internet browser on your IT system is automatically prompted by the respective YouTube component to download a representation of the corresponding YouTube component from YouTube. More information about YouTube can be found at https://www.youtube.com/yt/about/en/. As part of this process YouTube and Google receive information about which specific sub-page of our website is visited by you.

If the data subject is logged into YouTube at the same time, YouTube recognises which specific sub-page of our website you are visiting when you access a sub-page that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account.

YouTube and Google always receive information via the YouTube component that you have visited our website if you are logged into YouTube at the same time as visiting our website; this happens regardless of whether you click on a YouTube video or not. If you do not want this information to be transferred to YouTube and Google, you can prevent the transfer by logging out of your YouTube account before accessing our website.

These processing operations are only carried out when explicit consent is given in accordance with Article 6(1) a) GDPR.

The privacy policy published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provides information on the collection, processing and use of personal data by YouTube and Google.

15. Your rights as a data subject

15.1 Right to confirmation

You have the right to request confirmation from us as to whether personal data relating to you are being processed.

15.2 Right of access Article 15 GDPR

You have the right to receive information from us at any time and free of charge about the personal data stored about you, as well as a copy of these data in accordance with the statutory provisions.

15.3 Right of rectification Article 16 GDPR

You have the right to request that inaccurate personal data concerning you are rectified. Taking into account the purposes of the processing, you also have the right to have incomplete personal data completed.

15.4 Erasure Article 17 GDPR

You have the right to request us to erase the personal data concerning you without delay, as long as one of the reasons provided for by law applies and insofar as the processing or storage is not necessary.

15.5 Restriction of processing Article 18 GDPR

You have the right request us to restrict processing if one of the legal requirements is met.

15.6 Data portability Article 20 GDPR

You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transfer these data to another controller without hindrance from us to whom the personal data has been provided, provided that the processing is based on consent pursuant to Article 6(1) a) of the GDPR or Article 9(2) a) of the GDPR or on a contract pursuant to Article 6(1) b) of the GDPR and the processing is carried out with the aid of automated procedures, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transferred directly from one controller to another controller, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of other individuals.

15.7 Objection Article 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6(1) e) (data processing in the public interest) or f) (data processing on the basis of a balance of interests) of the GDPR.

This also applies to profiling based on these provisions within the meaning of Article 4(4) GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

In individual cases, we process personal data in order to carry out direct advertising. You may object to the processing of personal data for the purpose of such advertising at any time. This also applies to profiling insofar as it is associated with such direct advertising. If you object to us processing your data for direct marketing purposes, we will no longer process the personal data for these purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

15.8 Withdrawal of consent under data protection legislation

You have the right to withdraw consent to the processing of personal data at any time with effect for the future.

15.9 Complaint to a supervisory authority

You have the right to complain about our processing of personal data to a supervisory authority responsible for data protection.

16. Routine storage, erasure and blocking of personal data

We process and store your personal data only for the time necessary to achieve the purpose for which they are stored or if this has been provided for by legislation to which our company is subject.

If the purpose of storage no longer applies or if a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

17. Further information

Further information on the processing of your personal data can be obtained from our head office and our data protection officer.

18. IoT services

For the use of the IoT services, you will find a separate privacy policy here https://www.denios.de/datenschutz-iot

19. Further data protection information

As a company, we not only handle personal data on our website but also in many other processes. In order to be able to provide you as a data subject with the most detailed information possible for these processing purposes as well, we have compiled this information for the following processing activities here, thereby fulfilling the legal information requirements pursuant to Articles 13-14 GDPR:

Should you require further information that you cannot find here or in the following detailed privacy policy, please contact our data protection officer in confidence.

20. Validity and revisions of the privacy policy

This privacy policy is currently valid and has the status: March 2022.

Due to the further development of our websites and offerings or due to changed legal or official requirements, changes to this privacy policy may become necessary. You can access and print out the current privacy policy at any time on the website at "https://www.denios.de/datenschutz/".

Menu
Log in
Your basketAdded to basket
Go to basket
We would be pleased to provide you with advice!

Give us a call or fill out the form and we will get back to you as soon as possible.

Mon - Thu: 08:30 - 17:00 | Fri: 08:30 - 16:00
i

Calls are handled by our UK team. All sales are processed via our German parent company so are VAT* / tariff free where applicable. *Must be fully IE VAT registered