Data Protection within the Diehl Group
Effective date: 09/18/2018
Personal data is the information that enables identification of a natural person. In particular, this includes name, date of birth, address, telephone number, email address and IP address.
Data is considered anonymous if no personal reference can be made to a user.
Responsible Authority and data protection officer
Diehl Stiftung & Co. KG
Dr. Sebastian Buss
Corporate Privacy Officer Diehl Group
Your rights as a data subject
First, we would like to inform you about your rights as a data subject. These rights are standardized in Articles 15 to 22 of the GDPR. They include:
- Right to information (Article 15 of the GDPR),
- Right to erasure (Article 17 of the GDPR),
- Right to rectification (Article 16 of the GDPR),
- Right to data portability (Article 20 of the GDPR),
- Right to restriction of data processing (Article 18 of the GDPR),
- Right to object to data processing (Article 21 of the GDPR).
In order to assert these rights, please contact: Dr. Sebastian Buss. The same applies if you have any questions about data processing at our company. You also have the right to lodge a complaint with a supervisory authority.
Right to object
Please note the following in conjunction with your right to object:
In the event that we process your data in order to protect legitimate interests, you can object to this processing at any time for reasons relating to your particular situation. We shall then no longer process your personal data unless we can demonstrate compelling reasons for processing warranting protection that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. You may object free of charge and in any form, preferably by contacting: firstname.lastname@example.org.
Purposes and legal bases for data processing
The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection provisions. The legal bases for data processing are derived in particular from Article 6 GDPR.
Except as specifically described elsewhere in this policy, we use your data exclusively to optimize our website, for example to improve the availability of the most visited pages or to improve the display on mobile devices. For details, please refer to the section on “Cookies”.
There shall be no processing of special categories of personal data within the meaning of Article 9(1) GDPR.
Forwarding to third parties
We will only pass your data on to third parties within the scope of the statutory provisions or with the appropriate consent. Otherwise, no data will be passed on to third parties unless we are obliged to do so due to mandatory legal requirements (forwarding to external bodies such as supervisory authorities or law enforcement authorities).
Recipients of data / Categories of recipients
Within the Diehl Group, we ensure that the only persons to receive your data are those that need it in order to fulfill their contractual and legal obligations. If another company acquires our company, business, or assets, we will also share your information with that company.
In many cases, service providers support our specialist departments in fulfilling their tasks. We share your IP address and the data mentioned in section “contact form” below with service providers that, among other things, help us administer our website and provide technical support. Relevant data protection contracts have been concluded with all service providers.
Transfer to third countries / Intent to transfer to third countries
We do not transmit or intend to transmit any data to third countries (outside the European Union and the European Economic Area). However, we point out that Google Maps is used on this website. For details, please refer to the “Google Maps” section.
Storage period for data
We store your data as long as it is needed for the respective processing purpose. Please note that there are various retention periods requiring that data shall continue to be stored. In particular, this refers to commercial or fiscal retention obligations (for example arising from the German Commercial Code or the General Fiscal Law). If there are no further retention obligations, the data will be routinely deleted after it has fulfilled its purpose.
In addition, we may retain data if you have given us your permission to do so, or if legal disputes arise, and we use evidence within the statutory limitation periods, which may be up to thirty years; the regular limitation period is three years.
Secure transfer of your data
We implement appropriate technical and organizational security measures to help best protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Security levels are continuously reviewed in cooperation with security experts and adapted to new security standards. In the event of a suspected data security breach, we may notify you electronically, in writing, or by telephone, if we are permitted to do so by applicable law.
Data that is transferred to and from our website is encrypted. We use HTTPS as a transfer protocol for our website, using current encryption protocols.
It is also possible to use alternative communication channels (for example by post).
Obligation to provide data
Various personal data is necessary in order to establish, implement and terminate a contract and to fulfill associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.
In certain cases, data must also be collected or made available due to legal provisions. Please note that it will not be possible to process your request or execute the underlying contractual obligation without providing this information.
Categories, Sources and origin of data
The data we process is determined by the context: this depends upon whether you send an inquiry via our contact form, send us an application or submit a complaint, for example.
Please note that we may also provide information for specific processing situations separately in the appropriate places where applicable, for example when uploading application documents or when making a contact inquiry.
When visiting our website, we collect and process the following data:
- Details of the website from which you are visiting us
- Web browser and operating system used
- The IP address assigned by your Internet service provider
- Requested files, amount of data transferred, downloads / file export
- Details of the web pages you visit with us, including date and time
- Resolution of your screen and device type
For reasons of technical security (in particular to defend against attempted hacking of our web server), this data is stored in accordance with Article 6(1)(f) of the GDPR. Immediately after being collected, data is anonymized by shortening the IP address, so that there is no reference to the user.
We collect and process the following data in the course of a contact inquiry:
- Surname, first name
- Contact details
- Details of requests and interests
Contact form / Contact by email (Article 6(1)(a),(b) GDPR)
There is a contact form available on our website that can be used to contact us electronically. If you write to us via the contact form, we will process the data you provide to contact you and answer your questions and requests.
In doing so, we respect the principle of data minimization and data avoidance by requiring you to provide only the data we absolutely need to contact you. These are your email address and the message field itself. In addition, your IP address shall be processed for reasons of technical necessity as well as legal protection. All other data is optional and may be provided voluntarily (e.g., to provide a more personalized answer to your question).
If you contact us by email, we will process the personal data provided in the email solely for the purpose of dealing with your request. If you do not use the forms provided to get in contact, there will be no further data collection.
Newsletter (Article 6(1)(a) GDPR)
If a newsletter is offered, you will be informed accordingly at the appropriate place.
Applicant portal (Article 6(1)(a),(b) GDPR)
As part of our website, you have the opportunity to access our applicant portal. The particular data protection provisions for our applicant portal can be viewed when making your application. You can also find them here.
Automated individual decisions
We do not use purely automated processing to make decisions.
Cookies (Article 6(1)(f) GDPR / Article 6(1)(a) GDPR with consent)
Our website uses “cookies” in several places. They are used to make our service more user-friendly, effective and secure. Cookies are small text files saved by your browser and stored on your computer (locally on your hard drive).
These cookies enable us to analyze how users use our website. We can thus design the website content according to visitors’ needs. Cookies also allow us to measure the effectiveness of specific advertisements and to place them according to users’ thematic interests, for example.
Most cookies we use are “session cookies”. These are deleted automatically after your visit. Persistent cookies are automatically deleted from your computer once their period of validity (usually six months) is reached or you delete them yourself before the end of this period of validity.
Most web browsers accept cookies automatically. However, you can usually change your browser’s settings.
Please note: If you deactivate cookies, you may not be able to use all of the functions of our website.
A web service of the company CloudFlare Inc., 101 Townsend St, 94107 San Francisco (hereinafter called “CloudFlare”) is reloaded on our website. We use these data to ensure the functionality of our website. To this effect, your browser may transmit personal data to CloudFlare. The legal basis for such data transmission is provided by Art. 6, para 1 lit. f of the General Data Protection Regulation. Our legitimate interest is to provide a functional website. CloudFlare has self-certified to the EU-U.S. Privacy Shield Framework (see https://www.privacyshield.gov/list). The data will be deleted as soon as they are no longer necessary for the purpose of their collection.
Further information about the handling of transmitted data is provided in the data protection declaration of CloudFlare: https://www.cloudflare.com/security-policy/?utm_referrer=https://www.google.de/
You can prevent your data from being collected and processed by CloudFlare by disabling the execution of script code in your browser or by installing a script blocker in your browser (see, for example, www.noscript.net or www.ghostery.com).
Twitter messages from our Twitter account are included in our website using the Twitter Syndication service. When loading the website, your browser may send personal data as well as the IP address or complete cookies to the social network.
We use Adobe Typekit to give our website a visually appealing design. Typekit is a service provided by Adobe Systems Software Ireland Ltd. (“Adobe”), which offers us access to Adobe’s font library. In order to incorporate the fonts we use, your web browser needs to connect to an Adobe server and download the required font. Due to this, Adobe receives the information that the IP address of your device has been used to access our website.
This website uses Google Maps (API), provided by Google LLC., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Maps is a web service for displaying interactive maps and geographic information. Using this service will allow you to view our locations and will facilitate your journey to us.
When you visit any of the subpages on which Google Maps is incorporated, information about your use of our website (such as your IP address) will be transmitted to and stored by Google’s servers. This happens regardless of whether Google provides a user account that you can log in to or whether no user account exists. If you are logged in via Google, your data is directly associated with your account. If you do not wish data to be associated with your Google profile, you should log out prior to activating the button. Google will store your data (even for non-logged-in users) as usage profiles, which it then analyzes. This analysis is carried out in accordance with Article 6(1)(f) GDPR on the basis of Google’s legitimate interests in the display of personalized advertising, market research and/or the customized design of its website. You have the right to object to the creation of these user profiles, whereby you must contact Google in order to exercise this right.
Google LLC, based in the USA, is certified for the EU-US Privacy Shield, which ensures compliance with the level of data protection applicable in the EU.
We have embedded at least one plugin from YouTube into our online services.
When you visit an online service that contains a YouTube plugin, your browser will connect directly to the YouTube servers. In the process, YouTube will be informed that your browser has visited the corresponding page of our online services, even if you do not have a YouTube account or are not logged in to your account. This information is directly transmitted by your browser to a YouTube server and stored there.
If you are logged in to your YouTube account at the same time, it will also be possible to associate the page view with your YouTube account, which would allow YouTube to associate your browsing behavior directly with your personal profile.
If you wish to prevent this transmission and storage of your data and behavior on our online services by YouTube, you must log out of YouTube before you visit our site and delete any cookies placed by YouTube.
Online content and children
Persons under the age of 16 may not submit personal data to us or give a declaration of consent without the consent of their parents or guardians. We encourage parents and guardians to take an active part in their children’s online activities and interests.
Links to other providers
Our website also contains clearly recognizable links to the websites of other companies. We have no influence over the content of linked websites of other providers. No guarantee or liability can therefore be accepted for such content. The content of these sites is the responsibility of the respective owner or operator.
The linked sites were checked for any possible legal violations and identifiable infringements at the time of linking. No illegal content was found at the time the links were created. Continuous monitoring of the content of the linked sites without concrete evidence of a violation is not feasible. We will remove any links to content that is illegal or violates any laws as soon as we become aware of such violations.