Data Protection

Blurry image

Data Privacy at the Diehl Group

(Status: 21.05.2024)

We welcome you to our website and appreciate your interest in the companies of the Diehl Group. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU GDPR) and the country-specific implementation laws applicable to us. With the help of this data protection declaration, we inform you comprehensively about the processing of your personal data by the Diehl Group and the rights to which you are entitled.

Personal data is information that makes it possible to identify a natural person. This includes, in particular, name, date of birth, address, telephone number, e-mail address, but also your IP address.

Data is anonymous if no personal reference to the user can be established.

  • Your rights as a data subject

    First of all, we would like to inform you about your rights as a data subject. These rights are standardized in Articles 15 to 22 EU GDPR. They include:

    • The right to information (Art. 15 EU GDPR),

    • The right to erasure (Art. 17 EU GDPR),

    • The right to rectification (Art. 16 EU GDPR),

    • The right to data portability (Art. 20 EU GDPR),

    • The right to restriction of data processing (Art. 18 EU GDPR),

    • The right to object to data processing (Art. 21 EU GDPR).

    In order to assert these rights, please contact: The same applies if you have any questions about data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.

  • Rights of objection

    Please note the following in connection with rights of objection:

    In the event that we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or the processing serves the establishment, exercise or defense of legal claims. The objection is free of charge and can be made informally, if possible to:

  • Purposes and legal bases of data processing

    When processing your personal data, the provisions of the EU GDPR and all other applicable data protection regulations are complied with. The legal basis for data processing arises in particular from Art. 6 EU GDPR.

    We use your data exclusively to optimize our website, e.g. to improve the accessibility of the most frequently visited pages or to improve the display on mobile devices. For details, please refer to the "Cookies" section.

    No processing of special categories of personal data within the meaning of Art. 9 (1) EU GDPR takes place.

  • Disclosure to third parties

    We will only pass on your data to third parties within the framework of the statutory provisions or with the appropriate consent. Otherwise, your data will not be passed on to third parties unless we are obliged to do so due to mandatory legal provisions (passing on to external bodies such as supervisory authorities or law enforcement agencies).

  • Recipients of the data / categories of recipients

    Within the Diehl Group, we ensure that only those persons receive your data who need it to fulfill their contractual and legal obligations.

    In many cases, service providers support our specialist departments in performing their tasks. The necessary data protection contracts have been concluded with all service providers.

  • Third country transfer

    When using our website, certain personal data may be transferred to third countries, i.e. countries in which the EU GDPR is not applicable law. However, we only permit processing if the special requirements of Art. 44 et seq. EU GDPR and thus the guarantee of an adequate level of data protection in the country are met. This means that the third country must either have an adequacy decision from the European Commission or suitable guarantees in accordance with Art. 46 EU GDPR. Unless otherwise stated below, we use the following applicable guarantees as suitable guarantees standard contractual clauses for the transfer of personal data to processors in third countries.

  • Storage duration of the data

    We store your data for as long as it is required for the respective processing purpose. Please note that numerous retention periods require that data (must) continue to be stored. This applies in particular to retention obligations under commercial or tax law (e.g. from the German Commercial Code or the German Fiscal Code). If there are no further retention obligations, the data will be routinely deleted once the purpose has been achieved.

    In addition, we may retain data if you have given us your permission to do so or if legal disputes arise and we use evidence within the framework of statutory limitation periods, which can be up to thirty years; the regular limitation period is three years.

  • Secure transfer of your data

    We use appropriate technical and organizational security measures to protect the data stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.

    The exchange of data to and from our website is encrypted. We offer HTTPS as the transmission protocol for our website, using the latest encryption protocols.

    It is also possible to use alternative communication channels (e.g. by post).

  • Obligation to provide the data

    Various personal data are necessary for the establishment, execution and termination of the contractual relationship and the fulfillment of the associated contractual and legal obligations. The same applies to the use of our website and the various functions it provides.

    In certain cases, data must also be collected or made available due to legal provisions. Please note that it is not possible to process your request or execute the underlying contractual relationship without providing this data.

  • Categories, sources and origin of the data

    Which data we process is determined by the respective context: this depends on whether, for example, you enter an inquiry in our contact form, whether you send us an application or submit a complaint.

    Please note that we may also provide information for special processing situations separately in a suitable place, e.g. when uploading application documents or in the event of a contact request.

  • We collect and process the following data when you visit our website:
    • Information about the website from which you are visiting us

    • Web browser and operating system used

    • The IP address assigned by your Internet service provider

    • Requested files, transferred data volume, downloads/file export

    • Information about the websites you visit on our site, including date and time

    • Resolution of your screen and device type

    For reasons of technical security (in particular to defend against attempted attacks on our web server), this data is stored in accordance with Art. 6(1)(f) EU GDPR. Immediately after collection, anonymization takes place by shortening the IP address so that no reference to the user is established.

  • Contact form / contact by e-mail (Art. 6 para. 1 lit. a, b EU-GDPR)

    There is a contact form on our website that can be used to contact us electronically. If you write to us via the contact form, we will process the data you provide in the contact form to contact you and answer your questions and requests.

    We collect and process the following data as part of a contact request:

    • Surname, first name
    • Contact details
    • Title
    • Details of requests and interests

    The principle of data minimization and data avoidance is observed in that you only have to provide the data that we absolutely need to contact you. This is your e-mail address and the message field itself. In addition, your IP address is processed for technical reasons and for legal protection. All other data are voluntary fields and can be provided optionally (e.g. to answer your questions more individually).

    If you contact us by e-mail, we will process the personal data provided in the e-mail solely for the purpose of processing your request. If you do not use the forms provided to contact us, no further data will be collected.

  • Newsletter (Art. 6 para. 1 lit. a EU-GDPR)

    If a newsletter is sent, you will be notified and informed at the appropriate point.

  • Applicant portal (Art. 6 para. 1 lit. a, b EU-GDPR)

    As part of our website, you have the option of accessing our applicant portal. You can view the special data protection provisions for our applicant portal when you create your application. You can also find them here.

  • Automated decisions in individual cases

    We do not use purely automated processing to reach a decision.

  • Cookies (Art. 6 para. 1 lit. f EU-GDPR / Art. 6 para. 1 lit. a EU-GDPR with consent)

    Our Internet pages use so-called cookies in several places. They serve to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser (locally on your hard disk).

    These cookies enable us to analyze how users use our websites. This enables us to tailor the website content to the needs of visitors. Cookies also enable us to measure the effectiveness of a particular advertisement and to place it according to the thematic interests of the user, for example.

    Most of the cookies we use are so-called "session cookies". These are automatically deleted after your visit. Permanent cookies are automatically deleted from your computer when they expire (usually six months) or you delete them yourself before they expire.

    Most web browsers accept cookies automatically. However, you can usually change your browser settings.

    Please note: If you deactivate the setting of cookies, you may not be able to use all functions of our website to their full extent.

    Cookie list
  • Matomo
    Description of data processing

    This website uses the web analysis service Matomo to analyze and regularly improve the use of our website. We can use the statistics obtained to improve our offer and make it more interesting. The following data is collected in this context Anonymized IP address (only two bytes are recorded), website accessed, previously accessed website, time spent on the websites and frequency of visits to the websites, search queries, downloads, browser and operating system information.

    The data is collected and stored by us. The data will not be transmitted to third parties in this context.

    Purpose of data processing

    We use this tool to obtain information about the use of our website and to be able to use this data to design and optimize our website in line with requirements.

    Legal basis

    The tool is used on the basis of your consent in accordance with Art. 6 para. 1 lit. a EU GDPR. You can withdraw your consent at any time by clicking on the button below. You can make the appropriate settings here:

    The revocation only applies to the device and the web browser on which it was set, please repeat the process on all devices if necessary.

    Storage duration of the data

    The data obtained via this process is deleted as soon as it is no longer required for our purposes. Specifically, the statistics collected are stored for 24 months and then deleted.

  • OneTrust (Consent banner)

    In order to obtain and store your data protection consent, we use the consent management platform of OneTrust (OneTrust LLC, Atlanta, GA, USA, 1200 Abernathy Rd NE, Building 600 Atlanta, GA 30328).

    The processing of data in connection with OneTrust is based on our legitimate interest for the purpose of user-friendly content management. The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f EU-GDPR, § 25 para. 2 no. 2 TTDSG. OneTrust is used after a comprehensive balancing of interests. The focus is on the interest in the simplest possible and centralized consent control, which covers all data connections from third parties as well as tools requiring consent and offers you, among other things, a simple revocation option. The settings are stored on your end device using cookies. You can also delete these manually at any time, so that our interest in using OneTrust outweighs any conflicting interests of users.

    If you activate or prevent the use of certain offers via our consent banner, we store this via a consent cookie on your end device. The storage is necessary for the technical implementation of consent management and serves us for verification purposes.

    The data collected will be stored until you ask us to delete it or delete the OneTrust cookie yourself or until the purpose for storing the data no longer applies. Mandatory statutory retention periods remain unaffected.

    When using OneTrust, a data transfer to the USA cannot be ruled out. The EU Commission has issued an adequacy decision for the USA, the so-called Trans-Atlantic Data Privacy Framework (TADPF). OneTrust has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles.

  • CloudFlare

    We use the content delivery network service of Cloudflare Inc (101 Townsend St San Francisco, CA 94107) on our website. Technically, the connection from your device to our website is routed via the Cloudflare network. This enables Cloudflare to detect attacks on our website, for example. However, because TLS encryption is always activated on our website, Cloudflare has no access to the data you enter. When you visit our website, Cloudflare cookies are set in your web browser. Cloudflare collects statistical data about your visit to this website. The access data includes: Name of the website accessed, file, date and time of access, amount of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider. Cloudflare uses the log data for statistical evaluations for the purpose of operation, security and optimization of the offer (e.g. to identify and defend against mass abusive access in the context of denial-of-service (DoS), distributed denial-of-service attacks (DDoS) or to identify several legitimate accesses from different devices using one IP address). Please also read Cloudflare's privacy policy, which is available here. We use this service to ensure the availability of our website, to protect us from attacks and to optimize the loading times of our website. The tool is used on the basis of our legitimate interest in accordance with Art. 6 para. 1 lit. f EU GDPR. Your data is transmitted to Cloudflare for analysis and thus to a third country. An adequacy decision of the EU Commission is in place for the USA, the so-called Trans-Atlantic Data Privacy Framework (TADPF). CloudFlare Inc. has certified itself in accordance with the TADPF and is therefore committed to complying with European data protection principles.

  • Google Maps

    We use Google Maps (API) from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google") on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a EU-GDPR/§ 25 para. 1 TTDSG. Google Maps is a web service for displaying interactive maps to visualize geographical information. If you have given your consent, information about your use of our website (such as your IP address) will be transmitted to Google servers in the USA and stored there when you access those sub-pages in which the Google Maps map is integrated. The EU Commission has issued an adequacy decision for the USA, the so-called Trans-Atlantic Data Privacy Framework (TADPF). Google has certified itself in accordance with the TADPF and has therefore undertaken to comply with European data protection principles. This applies regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish your data to be associated with your Google profile, you must log out before activating the button. Google stores your data (even for users who are not logged in) as usage profiles and analyzes them. The evaluation enables the display of personalized advertising, market research and/or needs-based design of the website. You can revoke your consent at any time by clicking on the button below. You can make the appropriate settings here:

  • YouTube

    YouTube is a video portal of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "YouTube"). We have integrated at least one YouTube plugin into our online services. We use the service on the basis of your consent in accordance with Art. 6 para. 1 sentence 1 lit. a EU-GDPR/§ 25 para. 1 TTDSG.

    When you access an online service that contains a YouTube plugin, your browser establishes a direct connection with the YouTube servers. This transmits the information to YouTube that your browser has visited the corresponding page of our online services, even if you do not have a YouTube account or are not logged into your account. This information is transmitted directly from your browser to a YouTube server and stored there.

    If you are logged into your YouTube account at the same time, it is also possible to assign the page view to your YouTube account and you would enable YouTube to assign your surfing behavior directly to your personal profile.

    If you wish to prevent this transmission and storage of your data and your behavior on our online services by YouTube, you must log out of YouTube before you visit our site and delete any cookies placed by YouTube.

    Further information on the collection and use of your data by YouTube can be found in their Data Privacy notice at and in Google’s Privacy Policy at

  • Social Media

    The Diehl Group maintains appearances in the "social media", in this case on Facebook, Twitter, YouTube, Instagram, Xing and LinkedIn.
     Insofar as we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with.
    Below you will find the most important information on data protection law in relation to our websites.

    In addition to Diehl Stiftung & Co. KG, the following is responsible for the company websites within the meaning of the EU GDPR and other data protection regulations

    • Facebook (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)

    • Instagram (Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland)

    • Twitter

    • YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland)

    • Xing (Xing SE, Dammtorstraße 30, 20354 Hamburg, Germany)

    • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)

    However, you use these platforms and their functions at your own risk. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). We would also like to point out that your data may be processed outside the European Union.

    Purpose and Legal Basis

    We maintain the fan pages ourselves in order to communicate with visitors to these pages and to inform them about our offers in this way.

    We also collect data for statistical purposes in order to further develop and optimize the content and to make our offer more attractive. The data required for this (e.g. total number of page views, page activities and data provided by visitors, interactions) are processed by the social networks and made available to us. We have no influence on the generation and presentation of this data.

    In addition, your personal data will be processed by the social media providers, but also by the Diehl Group, for market research and advertising purposes. For example, it is possible that user profiles are created based on your usage behavior and the resulting interests. This allows, among other things, advertisements to be placed within and outside the platforms that correspond to your interests. Cookies are usually stored on your computer for this purpose. Irrespective of this, data that is not collected directly on your end devices may also be stored in your usage profiles. Data is also stored and analyzed across devices; this applies in particular, but not exclusively, if you are registered as a member and logged in to the respective platforms.

    We do not collect or process any other personal data.

    The processing of your personal data by the Diehl Group is based on our legitimate interests in effective information and communication in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR.

    If you are asked for consent to data processing, i.e. if you declare your consent by confirming a button or similar (opt-in), the legal basis for processing is Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR.

    Your rights / option to object

    If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must

    • log out of the respective network before visiting our fan page,

    • delete the cookies present on the device and

    • Close and restart your browser.

    However, after logging in again, you will be recognizable to the network as a specific user.

    For a detailed description of the respective processing and the opt-out options, please refer to the information linked below:

    You have the following rights with regard to the processing of your personal data:

    Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint about unlawful processing of your personal data with the competent data protection authority.

    However, since the Diehl Group does not have full access to your personal data, you should contact the social media providers directly if you wish to make a claim, as they have access to the personal data of their users and can take appropriate measures and provide information. Should you nevertheless require assistance, we will of course try to support you.

    Please contact

    Notes on copyright and artistic copyright

    If you wish to publish images, texts, plans, videos, music etc. on our website, you should be aware that you may be assigning all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or rights holder yourself.

  • Google My Business

    We operate a so-called Google My Business profile of Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; "Google"). If you are based in the European Economic Area or Switzerland, Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) is the controller responsible for your data collected in these processes.

    Google My Business gives us the opportunity to introduce our company to you. You also have the opportunity to contact us and rate our company, as well as upload photos relating to our company. We would like to point out that you use our My Business profile and its functions on your own responsibility. This applies in particular to the use of social and interactive functions (e.g. commenting, sharing, rating, direct messages). When you visit and interact with our Google My Business profile, Google also collects your IP address and other information that is stored on your device in the form of cookies. The data collected about you in this context is processed by Google and may be transferred to countries outside the European Union. Google generally describes what information it receives and how it is used in its privacy policy:

    If you would like to contact us via our Google My Business profile, we would like to refer you to our "Contact form / contact by e-mail" . We use your data to answer your request via My Business or to respond to your review. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f) GDPR. We do not process any other data from your use of My Business.

  • Online offers for children

    Persons under the age of 16 may not transmit any personal data to us or submit a declaration of consent without the consent of their legal guardian. We would like to encourage parents and legal guardians to actively participate in the online activities and interests of their children.

  • Links to other providers

    Our website also contains - clearly recognizable - links to the websites of other companies. Where links to websites of other providers are available, we have no influence on their content. Therefore, no guarantee or liability can be assumed for this content. The respective provider or operator of the pages is always responsible for the content of these pages.

    The linked pages were checked for possible legal violations and recognizable infringements at the time of linking. Illegal contents were not recognizable at the time of linking. However, permanent monitoring of the content of the linked pages is not reasonable without concrete evidence of an infringement. If we become aware of any legal infringements, such links will be removed immediately.

Other languages: