Data protection within the Diehl Group
Personal data is the information that enables identification of a natural person. In particular, this includes name, date of birth, address, telephone number, email address and IP address.
Data is considered anonymous if no personal reference can be made to a user.
Your rights as a data subject
First, we would like to inform you about your rights as a data subject. These rights are standardized in Articles 15 to 22 of the GDPR. They include:
- Right to information (Article 15 of the GDPR),
- Right to erasure (Article 17 of the GDPR),
- Right to rectification (Article 16 of the GDPR),
- Right to data portability (Article 20 of the GDPR),
- Right to restriction of data processing (Article 18 of the GDPR),
- Right to object to data processing (Article 21 of the GDPR).
In order to assert these rights, please contact: firstname.lastname@example.org. The same applies if you have any questions about data processing at our company. You also have the right to lodge a complaint with a supervisory authority.
Right to object
Please note the following in conjunction with your right to object:
In the event that we process your data in order to protect legitimate interests, you can object to this processing at any time for reasons relating to your particular situation. We shall then no longer process your personal data unless we can demonstrate compelling reasons for processing warranting protection that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. You may object free of charge and in any form, preferably by contacting: email@example.com
Purposes and legal bases for data processing
The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection provisions. The legal bases for data processing are derived in particular from Article 6 GDPR.
Except as specifically described elsewhere in this policy, we use your data exclusively to optimize our website, for example to improve the availability of the most visited pages or to improve the display on mobile devices. For details, please refer to the section on “Cookies”.
There shall be no processing of special categories of personal data within the meaning of Article 9(1) GDPR.
Forwarding to third parties
We will only pass your data on to third parties within the scope of the statutory provisions or with the appropriate consent. Otherwise, no data will be passed on to third parties unless we are obliged to do so due to mandatory legal requirements (forwarding to external bodies such as supervisory authorities or law enforcement authorities).
Recipients of data / Categories of recipients
Within the Diehl Group, we ensure that the only persons to receive your data are those that need it in order to fulfill their contractual and legal obligations. If another company acquires our company, business, or assets, we will also share your information with that company.
In many cases, service providers support our specialist departments in fulfilling their tasks. We share your IP address and the data mentioned in section “contact form” below with service providers that, among other things, help us administer our website and provide technical support. Relevant data protection contracts have been concluded with all service providers.
Transfer to third countries
We do not transmit or intend to transmit any data to third countries (outside the European Union and the European Economic Area)
Storage period for data
We store your data as long as it is needed for the respective processing purpose. Please note that there are various retention periods requiring that data shall continue to be stored. In particular, this refers to commercial or fiscal retention obligations (for example arising from the German Commercial Code or the General Fiscal Law). If there are no further retention obligations, the data will be routinely deleted after it has fulfilled its purpose.
In addition, we may retain data if you have given us your permission to do so, or if legal disputes arise, and we use evidence within the statutory limitation periods, which may be up to thirty years; the regular limitation period is three years.
Secure transfer of your data
We implement appropriate technical and organizational security measures to help best protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Security levels are continuously reviewed in cooperation with security experts and adapted to new security standards. In the event of a suspected data security breach, we may notify you electronically, in writing, or by telephone, if we are permitted to do so by applicable law.
Data that is transferred to and from our website is encrypted. We use HTTPS as a transfer protocol for our website, using current encryption protocols.
It is also possible to use alternative communication channels (for example by post).
Obligation to provide data
Various personal data is necessary in order to establish, implement and terminate a contract and to fulfill associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.
In certain cases, data must also be collected or made available due to legal provisions. Please note that it is will not be possible to process your request or execute the underlying contractual obligation without providing this information.
Categories, sources and origin of data
The data we process is determined by the context: this depends upon whether you send an inquiry via our contact form, send us an application or submit a complaint, for example.
Please note that we may also provide information for specific processing situations separately in the appropriate places where applicable, for example when uploading application documents or when making a contact inquiry.
When visiting our website, we collect and process the following data:
- Details of the website from which you are visiting us
- Web browser and operating system used
- The IP address assigned by your Internet service provider
- Requested files, amount of data transferred, downloads / file export
- Details of the web pages you visit with us, including date and time
- Resolution of your screen and device type
For reasons of technical security (in particular to defend against attempted hacking of our web server), this data is stored in accordance with Article 6(1)(f) of the GDPR. Immediately after being collected, data is anonymized by shortening the IP address, so that there is no reference to the user.
Contact form / Contact by email (Article 6(1)(a),(b) GDPR)
There is a contact form available on our website that can be used to contact us electronically. If you write to us via the contact form, we will process the data you provide to contact you and answer your questions and requests.
We collect and process the following data in the course of a contact inquiry:
- Surname, first name
- Contact details
- Details of requests and interests
In doing so, we respect the principle of data minimization and data avoidance by requiring you to provide only the data we absolutely need to contact you. These are your email address and the message field itself. In addition, your IP address shall be processed for reasons of technical necessity as well as legal protection. All other data is optional and may be provided voluntarily (e.g., to provide a more personalized answer to your question).
If you contact us by email, we will process the personal data provided in the email solely for the purpose of dealing with your request. If you do not use the forms provided to get in contact, there will be no further data collection.
Newsletter (Article 6(1)(a) GDPR)
If a newsletter is offered, you will be informed accordingly at the appropriate place.
Applicant portal (Article 6(1)(a),(b) GDPR)
As part of our website, you have the opportunity to access our applicant portal. The particular data protection provisions for our applicant portal can be viewed when making your application. You can also find them here.
Automated individual decisions
We do not use purely automated processing to make decisions.
Cookies (Article 6(1)(f) GDPR / Article 6(1)(a) GDPR with consent)
Our website uses “cookies” in several places. They are used to make our service more user-friendly, effective and secure. Cookies are small text files saved by your browser and stored on your computer (locally on your hard drive).
These cookies enable us to analyze how users use our website. We can thus design the website content according to visitors’ needs. Cookies also allow us to measure the effectiveness of specific advertisements and to place them according to users’ thematic interests, for example.
Most cookies we use are “session cookies”. These are deleted automatically after your visit. Persistent cookies are automatically deleted from your computer once their period of validity (usually six months) is reached or you delete them yourself before the end of this period of validity.
Most web browsers accept cookies automatically. However, you can usually change your browser’s settings.
Please note: If you deactivate cookies, you may not be able to use all of the functions of our website.
We use this tool to collect information about the use of our website and to design and optimize our website in a need-based manner. This data is used to create cross-website usage profiles.
Legal Basis of Data Processing and Withdrawal of Consent
This tool is used on the basis of your consent in accordance with Article 6(1)(a) of the General Data Protection Regulation. You may withdraw your consent at any time by clicking here. Withdrawal only applies to your currently-used device and browser. Please repeat this process on all of your devices if necessary. If you delete the opt-out cookie, you will be asked for your consent to the data transmission again. You may also download a browser add-on to disable Google Analytics here. Google offers this add-on for all customary browser versions.
Data Storage Period
The data collected this way will be erased when it is no longer necessary for our purposes. In our case, this applies after 24 months.
Analysis by WiredMinds
Our website uses counting pixel technology provided by WiredMinds GmbH (www.wiredminds.de) to analyze visitor behavior. In connection with this, the IP address of the visitor is processed. The processing occurs only for the purpose of collecting company based information such as company name, for example. IP addresses of natural persons are excluded from any further processing by means of a whitelist. An IP address is not stored in LeadLab under any circumstances. While processing data, it is our outmost interest to protect the rights of natural persons. Our interest in processing data is based on Article 6(1)(f) GDPR. At no time is it possible to draw conclusions from the collected data on an identifiable person. WiredMinds GmbH uses this information to create anonymized usage profiles of the visit behavior on our website. Data obtained during this process is not used to personally identify visitors of our website.
On our website you will find functions of the provider Twitter (Twitter Inc. 1355 Market Street Suite 900, San Francisco, CA 94103). By the use of Twitter and the “Re-Tweet” function, the websites you visit will be connected with your Twitter account and announced to other users. This also includes transmission of data to Twitter. If you are logged in to Twitter, Twitter may be able to assign the visit to your Twitter account at this point.
However, data transmission to Twitter only takes place when you click on the Twitter button or the Twitter messages. A click on the button or the Twitter messages means that you consent to the transfer of data to Twitter.
This website uses Google Maps (API) form Google LLC, 1600 Amphitheatre Parkway, Mountain View,CA 94043 USA (“Google”). Google Maps is a web service for the presentation of interactive (land-) maps to visually present geographical information. By using this service, you will be able to view our locations and approach facilitated.
The legal basis for the processing is Art. 6 Para. 1 lit. f EU-GDPR on the basis of our justified interest, so that we can show you our locations and give you directions if necessary.
In order for the maps to be displayed correctly, technically necessary data must be transmitted to Google and must be processed by them. If you are logged in at Google, your data will be directly assigned to your account. If you don’t want to be associated with your profile on Google, you have to log out before activating the button. Google stores your data (even for not logged in users) as user profiles and evaluates them. The data transfer will not start until you click on the respective map. An automatic transfer of your personal data when calling up the website does not take place.
YouTube is a video portal provided by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter referred to as “YouTube”). We have embedded at least one plugin from YouTube into our online services.
When you visit an online service that contains a YouTube plugin, your browser will connect directly to the YouTube servers. In the process, YouTube will be informed that your browser has visited the corresponding page of our online services, even if you do not have a YouTube account or are not logged in to your account. This information is directly transmitted by your browser to a YouTube server and stored there.
If you are logged in to your YouTube account at the same time, it will also be possible to associate the page view with your YouTube account, which would allow YouTube to associate your browsing behavior directly with your personal profile.
If you wish to prevent this transmission and storage of your data and behavior on our online services by YouTube, you must log out of YouTube before you visit our site and delete any cookies placed by YouTube.
The Diehl Group is active on social media, primarily Facebook, Twitter, YouTube, Instagram, Xing and LinkedIn. Where we have control of the processing of your data, we ensure compliance with data protection regulations. The most important information about your data protection rights is provided hereafter. The Diehl Group has fan pages on the following platforms:
- Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
- Instagram (Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
- YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)
- Xing (Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany)
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
However, you may only use these platforms and their functions at your own responsibility. This especially applies to the use of interactive functions (e.g., commenting, sharing, evaluating). Please note that your data may be processed outside of the European Economic Area.
Purpose and Legal Basis
We maintain fan pages to communicate with visitors to these pages and inform them about our offers.
In addition, we collect data for statistical purposes to further develop and optimize our offer. The data necessary for this (e.g., the total number of page views, page activity and data provided by visitors, interactions) is prepared and provided to us by the social networks. We have no influence over the generation or presentation of this data.
Your personal data is also processed by the social networks’ providers and by the Diehl Group for market research and advertisement purposes. This makes it possible to create usage profiles based on, e.g., your usage behaviour and resulting interests. This allows ads to be displayed on and outside of platforms that correspond to your interests. For this, cookies are normally placed on your device. Irrespective thereof, data not collected directly from your device may also be saved on your usage profile. Data is stored and analysed across devices, especially, but not exclusively, if you are registered on and log in to the respective platform.
We do not collect or process any further personal data.
Your personal data is processed by the Diehl Group on the basis of our legitimate interest in providing effective information and communication in accordance with Article 6(1)(f) of the General Data Protection Regulation.
If you are asked to consent to the processing of your data, i.e., if you consent by clicking on a button or similar (opt in), the legal basis for processing is Article 6(1)(a) and Article 7 of the General Data Protection Regulation.
Your Rights / Ways to Object
If you are registered on a social network and do not want data about you to be collected and merged with data stored by the network via our presence, please
- Log out before visiting our fan page on the network
- Delete the cookies from your device
- Close and restart your browser
However, when logging in again, the network will recognize you as a specific user again.
For a detailed explanation of how data is processed and ways to object (opt out), please see the following:
Data Policy: https://www.facebook.com/about/privacy/
Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Data Policy: https://policies.google.com/privacy
Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=de and http://www.youronlinechoices.com
Data Policy: https://help.instagram.com/519522125107875
Opt-Out: http://www.networkadvertising.org/managing/opt_out.asp and http://www.youronlinechoices.com
Data Policy: https://twitter.com/de/privacy
Data Policy: https://policies.google.com/privacy
Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=de and http://www.youronlinechoices.com
Data Policy: https://privacy.xing.com/de/datenschutzerklaerung
Data Policy: https://www.linkedin.com/legal/privacy-policy
You have the following rights concerning the processing of your personal data:
Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint with a competent data protection supervisory authority about unlawful processing of your personal data.
However, since the Diehl Group does not have complete access to your personal data, you should exercise your rights by contacting the social media providers directly who can access their users’ personal data, take corresponding measures and provide information. If you require further support, we will do our best to assist you.
Please contact us at firstname.lastname@example.org.
Copyright and Art Copyright Notice
If you would like to publish images, text, plans, videos, music, etc., on our presence, please note that you may be assigning all usage rights to the work to the network which may result in legal consequences for you if you are not the copyright holder or rightsholder.
Google My Business
We maintain a Google My Business profile of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: “Google”). If you are based in the European Economic Area or Switzerland, the controller for your data—collected through this procedure—is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).
If you would like to contact us via our Google My Business profile, please see our “Contact Form / Contact Us by E-Mail” notice. We use your data to respond to your evaluation or the inquiry you submitted via My Business. The legal basis for this is Article 6(1)(f) of the General Data Protection Regulation. We do not process any further data from your use of My Business.
Online content and children
Persons under the age of 16 may not submit personal data to us or give a declaration of consent without the consent of their parents or guardians. We encourage parents and guardians to take an active part in their children’s online activities and interests.
Links to other providers
Our website also contains clearly recognizable links to the websites of other companies. We have no influence over the content of linked websites of other providers. No guarantee or liability can therefore be accepted for such content. The content of these sites is the responsibility of the respective owner or operator.
The linked sites were checked for any possible legal violations and identifiable infringements at the time of linking. No illegal content was found at the time the links were created. Continuous monitoring of the content of the linked sites without concrete evidence of a violation is not feasible. We will remove any links to content that is illegal or violates any laws as soon as we become aware of such violations.