Data Protection

Data protection within the Diehl Group

(Status: 31.08.2020)

Welcome to our website. Thank you for your interest in the companies of the Diehl Group. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legislation on the protection of personal data, in particular the EU General Data Protection Regulation (GDPR) and the country-specific implementation laws applicable to us. In this privacy policy, we shall inform you comprehensively about the processing of your personal data by the Diehl Group and of the rights granted to you.

Personal data is the information that enables identification of a natural person. In particular, this includes name, date of birth, address, telephone number, email address and IP address. 

 Data is considered anonymous if no personal reference can be made to a user. 

  • Your rights as a data subject

    First, we would like to inform you about your rights as a data subject. These rights are standardized in Articles 15 to 22 of the GDPR. They include: 

    • Right to information (Article 15 of the GDPR),
    • Right to erasure (Article 17 of the GDPR),
    • Right to rectification (Article 16 of the GDPR),
    • Right to data portability (Article 20 of the GDPR),
    • Right to restriction of data processing (Article 18 of the GDPR),
    • Right to object to data processing (Article 21 of the GDPR). 

    In order to assert these rights, please contact: The same applies if you have any questions about data processing at our company. You also have the right to lodge a complaint with a supervisory authority. 

  • Right to object

    Please note the following in conjunction with your right to object:

    In the event that we process your data in order to protect legitimate interests, you can object to this processing at any time for reasons relating to your particular situation. We shall then no longer process your personal data unless we can demonstrate compelling reasons for processing warranting protection that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims. You may object free of charge and in any form, preferably by contacting:

  • Purposes and legal bases for data processing

    The processing of your personal data complies with the provisions of the GDPR and all other applicable data protection provisions. The legal bases for data processing are derived in particular from Article 6 GDPR. 

    Except as specifically described elsewhere in this policy, we use your data exclusively to optimize our website, for example to improve the availability of the most visited pages or to improve the display on mobile devices. For details, please refer to the section on “Cookies”. 

    There shall be no processing of special categories of personal data within the meaning of Article 9(1) GDPR.

  • Forwarding to third parties

    We will only pass your data on to third parties within the scope of the statutory provisions or with the appropriate consent. Otherwise, no data will be passed on to third parties unless we are obliged to do so due to mandatory legal requirements (forwarding to external bodies such as supervisory authorities or law enforcement authorities).

  • Recipients of data / Categories of recipients

    Within the Diehl Group, we ensure that the only persons to receive your data are those that need it in order to fulfill their contractual and legal obligations. If another company acquires our company, business, or assets, we will also share your information with that company.

    In many cases, service providers support our specialist departments in fulfilling their tasks. We share your IP address and the data mentioned in section “contact form” below with service providers that, among other things, help us administer our website and provide technical support. Relevant data protection contracts have been concluded with all service providers.

  • Transfer to third countries

    We do not transmit or intend to transmit any data to third countries (outside the European Union and the European Economic Area)

  • Storage period for data

    We store your data as long as it is needed for the respective processing purpose. Please note that there are various retention periods requiring that data shall continue to be stored. In particular, this refers to commercial or fiscal retention obligations (for example arising from the German Commercial Code or the General Fiscal Law). If there are no further retention obligations, the data will be routinely deleted after it has fulfilled its purpose.

    In addition, we may retain data if you have given us your permission to do so, or if legal disputes arise, and we use evidence within the statutory limitation periods, which may be up to thirty years; the regular limitation period is three years.

  • Secure transfer of your data

    We implement appropriate technical and organizational security measures to help best protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Security levels are continuously reviewed in cooperation with security experts and adapted to new security standards. In the event of a suspected data security breach, we may notify you electronically, in writing, or by telephone, if we are permitted to do so by applicable law.

    Data that is transferred to and from our website is encrypted. We use HTTPS as a transfer protocol for our website, using current encryption protocols.

    It is also possible to use alternative communication channels (for example by post).

  • Obligation to provide data

    Various personal data is necessary in order to establish, implement and terminate a contract and to fulfill associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

    In certain cases, data must also be collected or made available due to legal provisions. Please note that it is will not be possible to process your request or execute the underlying contractual obligation without providing this information. 

  • Categories, sources and origin of data

    The data we process is determined by the context: this depends upon whether you send an inquiry via our contact form, send us an application or submit a complaint, for example.

    Please note that we may also provide information for specific processing situations separately in the appropriate places where applicable, for example when uploading application documents or when making a contact inquiry.

  • When visiting our website, we collect and process the following data:
    • Details of the website from which you are visiting us
    • Web browser and operating system used
    • The IP address assigned by your Internet service provider
    • Requested files, amount of data transferred, downloads / file export
    • Details of the web pages you visit with us, including date and time
    • Resolution of your screen and device type

    For reasons of technical security (in particular to defend against attempted hacking of our web server), this data is stored in accordance with Article 6(1)(f) of the GDPR. Immediately after being collected, data is anonymized by shortening the IP address, so that there is no reference to the user. 

  • Contact form / Contact by email (Article 6(1)(a),(b) GDPR)

    There is a contact form available on our website that can be used to contact us electronically. If you write to us via the contact form, we will process the data you provide to contact you and answer your questions and requests. 

    We collect and process the following data in the course of a contact inquiry: 

    • Surname, first name
    • Contact details
    • Title
    • Details of requests and interests

    In doing so, we respect the principle of data minimization and data avoidance by requiring you to provide only the data we absolutely need to contact you. These are your email address and the message field itself. In addition, your IP address shall be processed for reasons of technical necessity as well as legal protection. All other data is optional and may be provided voluntarily (e.g., to provide a more personalized answer to your question).

    If you contact us by email, we will process the personal data provided in the email solely for the purpose of dealing with your request. If you do not use the forms provided to get in contact, there will be no further data collection. 

  • Newsletter (Article 6(1)(a) GDPR)

    If a newsletter is offered, you will be informed accordingly at the appropriate place.

  • Applicant portal (Article 6(1)(a),(b) GDPR)

    As part of our website, you have the opportunity to access our applicant portal. The particular data protection provisions for our applicant portal can be viewed when making your application. You can also find them here.

  • Automated individual decisions

    We do not use purely automated processing to make decisions. 

  • Cookies (Article 6(1)(f) GDPR / Article 6(1)(a) GDPR with consent)

    Our website uses “cookies” in several places. They are used to make our service more user-friendly, effective and secure. Cookies are small text files saved by your browser and stored on your computer (locally on your hard drive).

    These cookies enable us to analyze how users use our website. We can thus design the website content according to visitors’ needs. Cookies also allow us to measure the effectiveness of specific advertisements and to place them according to users’ thematic interests, for example. 

    Most cookies we use are “session cookies”. These are deleted automatically after your visit. Persistent cookies are automatically deleted from your computer once their period of validity (usually six months) is reached or you delete them yourself before the end of this period of validity. 

    Most web browsers accept cookies automatically. However, you can usually change your browser’s settings.

    Please note: If you deactivate cookies, you may not be able to use all of the functions of our website. 

    Cookie list
  • Matomo
    Processed Data

    This website uses the web analytics service Matomo to analyze and regularly improve the use of our website. Through the statistics obtained, we can improve our offer and make it more interesting. The following data is collected in this context: Anonymized IP address (only two bytes are recorded), website accessed, previously accessed website, time spent on the websites and frequency of visits to the websites, search queries, downloads, browser and operating system information.

    The data is collected and stored by us. The data is not transmitted to third parties in this context.

    Processing Purpose

    We use this tool to obtain information about the use of our website and, on the basis of this data, to be able to design and optimize our website in line with requirements.

    Legal Basis

    The tool is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a EU-DS-GVO. You can revoke your consent at any time by clicking here:

    The revocation only applies to the device and web browser on which it was set, please repeat the process on all devices if necessary.

    Data Storage Period

    The data obtained via this procedure will be deleted as soon as it is no longer necessary for our purposes. Specifically, the collected statistics are stored for 24 months and deleted afterwards.

  • Analysis by WiredMinds

    Our website uses the pixel-code technology of WiredMinds GmbH ( to analyze visitor behavior. Among other things, the IP address of a visitor is processed. The processing is carried out exclusively for the purpose of collecting company-relevant information such as the company name. IP addresses of natural persons are excluded from further use (whitelist procedure). The IP address is not stored in LeadLab under any circumstances. We use the service to create anonymous usage profiles based on the behavior of visitors to our website. The data obtained is not used to personally identify visitors to our website.

    The tool is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a EU GDPR/§ 25 para. 1 TTDSG. You can withdraw your consent at any time by clicking on the button below. You can make the appropriate settings here:

  • Pardot

    We use the Pardot tool from Salesforce, Inc. (415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States). Pardot helps us to record and evaluate the use of our website by website visitors.

    This is done using individual assignment features "unique visitor ID" and "unique identifier". When you visit our website, Pardot records your click path and uses it to create an individual usage profile using a pseudonym. For this purpose, cookies are used that allow your browser to be recognized. The cookies set are so-called "visitor cookies". These "visitor cookies" are used to generate identification numbers, which are used to recognize the browser of the website visitor. All cookies only receive the generated number code.

    The tool is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a EU-DS-GVO. You can revoke your consent at any time by clicking here:

    The data will be deleted as soon as they are no longer needed for our purposes. This is the case for us after 3 years.

    Insofar as the service provider processes personal data, the processing is carried out exclusively on our behalf and according to our instructions. For this purpose, we have concluded an order processing agreement to ensure compliance with the EU-DS-GVO. When using Pardot, a data transfer to the USA cannot be excluded. Therefore, the standard contractual clauses have been included.

  • CloudFlare

    Our website uses the Content Delivery Network provided by Cloudflare Inc. (101 Townsend St San Francisco, CA 94107, USA). Technically, the connection from your device to our website is thereby routed via Cloudflare’s network. This enables Cloudflare to, e.g., detect attacks on our website. However, our website’s TLS encryption prevents Cloudflare from accessing data entered by you. When you access our website, Cloudflare cookies will be placed on your device. Cloudflare collects statistical data on your visit to our website. Accessed data includes: the name of the accessed website and files, time and date of access, amount of data transferred, successful access notification and your browser type and version, operating system, referrer URL (last-visited page), IP address and requesting provider. Cloudflare uses this log data for statistical assessments for the operation, security and optimization of our offer (e.g., to detect and defend against massive abusive access through denial of service (DoS) or distributed denial of service attacks (DDoS) and to identify multiple legitimate access attempts by various devices using the same IP address). Please also see Cloudflare’s Privacy Policy here. We use this service to ensure our website’s availability, protect us against attacks and optimize load times. We use this tool on the basis of our legitimate interest in accordance with Article 6(1)(f) of the General Data Protection Regulation. Your data will be transferred to be assessed by Cloudflare and, therefore, to a third country.

  • Twitter Syndication

    On our website you will find functions of the provider Twitter (Twitter Inc. 1355 Market Street Suite 900, San Francisco, CA 94103). By the use of Twitter and the “Re-Tweet” function, the websites you visit will be connected with your Twitter account and announced to other users. This also includes transmission of data to Twitter. If you are logged in to Twitter, Twitter may be able to assign the visit to your Twitter account at this point.

    However, data transmission to Twitter only takes place when you click on the Twitter button or the Twitter messages. A click on the button or the Twitter messages means that you consent to the transfer of data to Twitter.

    As the provider of the website, we would like to point out, that we have no knowledge of the content of the data transmitted to Twitter and their use by Twitter. Further information can be found in the privacy policy of Twitter:

  • Google Maps

    This website uses Google Maps (API) form Google LLC, 1600 Amphitheatre Parkway, Mountain View,CA 94043 USA (“Google”). Google Maps is a web service for the presentation of interactive (land-) maps to visually present geographical information. By using this service, you will be able to view our locations and approach facilitated.

    The legal basis for the processing is Art. 6 Para. 1 lit. f EU-GDPR on the basis of our justified interest, so that we can show you our locations and give you directions if necessary.

    In order for the maps to be displayed correctly, technically necessary data must be transmitted to Google and must be processed by them. If you are logged in at Google, your data will be directly assigned to your account. If you don’t want to be associated with your profile on Google, you have to log out before activating the button. Google stores your data (even for not logged in users) as user profiles and evaluates them. The data transfer will not start until you click on the respective map. An automatic transfer of your personal data when calling up the website does not take place.

    You can revoke your consent at any time by clicking here:

  • YouTube

    YouTube is a video portal provided by YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA (hereinafter referred to as “YouTube”). We have embedded at least one plugin from YouTube into our online services.

    When you visit an online service that contains a YouTube plugin, your browser will connect directly to the YouTube servers. In the process, YouTube will be informed that your browser has visited the corresponding page of our online services, even if you do not have a YouTube account or are not logged in to your account. This information is directly transmitted by your browser to a YouTube server and stored there.

    If you are logged in to your YouTube account at the same time, it will also be possible to associate the page view with your YouTube account, which would allow YouTube to associate your browsing behavior directly with your personal profile.

    If you wish to prevent this transmission and storage of your data and behavior on our online services by YouTube, you must log out of YouTube before you visit our site and delete any cookies placed by YouTube. 

    You can find further information about YouTube’s collection and use of your data in the privacy guidelines at and in Google’s Privacy Policy at

  • Social Media

    The Diehl Group is active on social media, primarily Facebook, Twitter, YouTube, Instagram, Xing and LinkedIn. Where we have control of the processing of your data, we ensure compliance with data protection regulations. The most important information about your data protection rights is provided hereafter. The Diehl Group has fan pages on the following platforms:

    • Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
    • Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)
    • Twitter
    • YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)
    • Xing (Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany)
    • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

    However, you may only use these platforms and their functions at your own responsibility. This especially applies to the use of interactive functions (e.g., commenting, sharing, evaluating). Please note that your data may be processed outside of the European Economic Area.

    Purpose and Legal Basis

    We maintain fan pages to communicate with visitors to these pages and inform them about our offers.

    In addition, we collect data for statistical purposes to further develop and optimize our offer. The data necessary for this (e.g., the total number of page views, page activity and data provided by visitors, interactions) is prepared and provided to us by the social networks. We have no influence over the generation or presentation of this data.

    Your personal data is also processed by the social networks’ providers and by the Diehl Group for market research and advertisement purposes. This makes it possible to create usage profiles based on, e.g., your usage behaviour and resulting interests. This allows ads to be displayed on and outside of platforms that correspond to your interests. For this, cookies are normally placed on your device. Irrespective thereof, data not collected directly from your device may also be saved on your usage profile. Data is stored and analysed across devices, especially, but not exclusively, if you are registered on and log in to the respective platform.

    We do not collect or process any further personal data.

    Your personal data is processed by the Diehl Group on the basis of our legitimate interest in providing effective information and communication in accordance with Article 6(1)(f) of the General Data Protection Regulation.

    If you are asked to consent to the processing of your data, i.e., if you consent by clicking on a button or similar (opt in), the legal basis for processing is Article 6(1)(a) and Article 7 of the General Data Protection Regulation.

    Your Rights / Ways to Object

    If you are registered on a social network and do not want data about you to be collected and merged with data stored by the network via our presence, please

    • Log out before visiting our fan page on the network
    • Delete the cookies from your device
    • Close and restart your browser

    However, when logging in again, the network will recognize you as a specific user again.

    For a detailed explanation of how data is processed and ways to object (opt out), please see the following:

    You have the following rights concerning the processing of your personal data:

    Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint with a competent data protection supervisory authority about unlawful processing of your personal data.

    However, since the Diehl Group does not have complete access to your personal data, you should exercise your rights by contacting the social media providers directly who can access their users’ personal data, take corresponding measures and provide information. If you require further support, we will do our best to assist you.

    Please contact us at

    Copyright and Art Copyright Notice

    If you would like to publish images, text, plans, videos, music, etc., on our presence, please note that you may be assigning all usage rights to the work to the network which may result in legal consequences for you if you are not the copyright holder or rightsholder.

  • Google My Business

    We maintain a Google My Business profile of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA: “Google”). If you are based in the European Economic Area or Switzerland, the controller for your data - collected through this procedure - is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

    Google My Business enables us to present our company to you and allows you to contact and evaluate us and upload images related to our business. Please note that you may only use our My Business profile and its functions at your own responsibility. This especially applies to the use of social and interactive functions (e.g., commenting, sharing, evaluating, direct messaging). When you visit and interact with our Google My Business profile, Google will also log your IP address and other information available on your device in form of so-called cookies. The data collected about you thereby will be processed by Google and may be transferred to countries outside of the European Union. Google explains which information it receives and how it is used in its Privacy Policy:

    If you would like to contact us via our Google My Business profile, please see our “Contact Form / Contact Us by E-Mail” notice. We use your data to respond to your evaluation or the inquiry you submitted via My Business. The legal basis for this is Article 6(1)(f) of the General Data Protection Regulation. We do not process any further data from your use of My Business.

  • Online content and children

    Persons under the age of 16 may not submit personal data to us or give a declaration of consent without the consent of their parents or guardians. We encourage parents and guardians to take an active part in their children’s online activities and interests.

  • Links to other providers

    Our website also contains clearly recognizable links to the websites of other companies. We have no influence over the content of linked websites of other providers. No guarantee or liability can therefore be accepted for such content. The content of these sites is the responsibility of the respective owner or operator. 

    The linked sites were checked for any possible legal violations and identifiable infringements at the time of linking. No illegal content was found at the time the links were created. Continuous monitoring of the content of the linked sites without concrete evidence of a violation is not feasible. We will remove any links to content that is illegal or violates any laws as soon as we become aware of such violations.