Data privacy
1. General Information
1.1 Purpose and Responsibility
1. This Privacy Policy informs you about the nature, scope, and purpose of the processing of personal data in relation to our online services and the associated websites, functions, and content (hereinafter collectively referred to as "Online Service" or "Website").
2. The provider of the Online Service and the party responsible for data protection is Joseph Dresselhaus GmbH & Co. KG (Zeppelinstraße 13, 32051 Herford, Email: info(at)dresselhaus.de) - hereinafter referred to as "Provider", "we", or "us".
3. Our Online Service is provided by Mittwald CM Service GmbH & Co. KG (Königsberger Straße 4-6, D-32339 Espelkamp).
4. Our Data Protection Officer can be reached by mail at Zeppelinstr. 13, 32051 Herford, and by email at datenschutz(at)dresselhaus.de.
5. The term "User" includes all visitors to the website and customers of the Online Service.
1.2 Personal Data and Purposes of Processing
- Personal data are all information relating to an identified or identifiable natural person (hereinafter "data subject").
- The following overview summarizes the types of data processed and the purposes of their processing and refers to the data subjects.
Categories of Processed Data
- Contact data
- Address/Delivery address
- Inventory data
- Payment data
- Location data
- Content data
- Contract data
- Usage data
- Meta, communication, and procedural data
Categories of affected persons
- Customers
- Prospective customers
- Communication partners
- Users
- Business and contractual partners
Purposes of Processing
- Communication with you about products, services, and projects, e.g., to process your inquiries;
- Planning, conducting, and managing the (contractual) business relationship between us and you, e.g., to process orders for products and services, collect payments, for accounting, billing, and debt collection purposes, and to perform deliveries, maintenance, or repairs;
- Creation of personalized offers or quotations;
- Online Shop: We process our customers' data to allow them to select, purchase, or order the selected products, goods, and associated services, as well as their payment and delivery or execution. If necessary for the execution of an order, we use service providers, especially postal, freight, and shipping companies, to carry out the delivery or execution for our customers. For the processing of payment transactions, we use the services of banks and payment service providers. The required details are marked as such during the order or similar acquisition process and include the information necessary for delivery, provision, and billing, as well as contact information to possibly hold consultations;
- Conducting customer surveys, marketing campaigns, market analyses, contests, competitions, or similar actions and events;
- Maintaining and protecting the security of our products and services as well as our websites by preventing and detecting security risks, fraudulent actions, or other criminal or malicious actions;
- Compliance with legal requirements (e.g., tax and commercial retention obligations) or existing obligations for conducting compliance screenings (to prevent economic crime or money laundering);
- Settlement of legal disputes, enforcement of existing contracts, and the assertion, exercise, and defense of legal claims.
The processing of personal data is necessary to achieve the above purposes, including the execution of the (contractual) business relationship with you. If the above data is to be processed for a purpose other than the original purpose of collection, you will be informed about this before further processing. This way, you have the opportunity to object to the processing of your data for a different purpose.
1.3 Legal Bases
- We collect and process personal data based on the following legal bases according to the GDPR. In addition to the provisions of the GDPR, national data protection regulations in your or our country of residence may apply. If more specific legal bases are relevant in individual cases, we will inform you of these in the Privacy Policy.
- Consent according to Article 6(1)(a) GDPR. Consent is any voluntarily given, informed, and unambiguous indication of the data subject's wishes in the form of a statement or other clear affirmative action, indicating agreement to the processing of personal data relating to him or her.
- Necessity for the performance of a contract or to take steps prior to entering into a contract according to Article 6(1)(b) GDPR, i.e., the data is necessary for us to fulfill our contractual obligations to you, or we need the data to prepare a contract with you.
- Processing for compliance with a legal obligation according to Article 6(1)(c) GDPR, i.e., processing of data is required, for example, by law or other regulations.
- Processing for the purposes of legitimate interests according to Article 6(1)(f) GDPR, i.e., the processing is necessary to safeguard legitimate interests on our part or third parties, unless the interests or fundamental rights and freedoms on your part, which require the protection of personal data, prevail.
1.4 Data Subject Rights
- You have the following rights regarding data processing by us:
- Right to withdraw consent according to Article 7(3) GDPR: You have the right to withdraw consent at any time.
- Right to lodge a complaint with a supervisory authority according to Article 13(2)(d) GDPR and Article 14(2)(e) GDPR: You have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
- Right of access according to Article 15 GDPR: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information specified by law.
- Right to rectification according to Article 16 GDPR: You have the right, under the statutory provisions, to request the completion or correction of inaccurate personal data concerning you.
- Right to erasure ("right to be forgotten") according to Article 17 GDPR: You have the right, under the statutory provisions, to demand that personal data concerning you be erased immediately.
- Right to restriction of processing according to Article 18 GDPR: You have the right, under the statutory provisions, to demand a restriction on the processing of the data.
- Right to data portability according to Article 20 GDPR: You have the right to receive personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format, or to demand the transmission of these data to another controller.
- Right to object according to Article 21 GDPR: You have the right, for reasons arising from your particular situation, to object at any time to the processing of personal data concerning you, which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions. If personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
The objection can be addressed in writing to Joseph Dresselhaus GmbH & Co. KG, Data Protection Officer, Zeppelinstraße 13, 32051 Herford 31, or electronically to datenschutz(at)dresselhaus.de.
- Right to lodge a complaint with a supervisory authority according to Article 13(2)(d) GDPR and Article 14(2)(e) GDPR: Regardless of any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, particularly in the Member State of your residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR. The supervisory authority responsible for our company is:
- State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Phone: 0211/38424-0
Fax: 0211/38424-999
Email: poststelle@ldi.nrw.de
1.5 Data Deletion and Storage Duration
- The data processed by us will be deleted according to the legal requirements as soon as their processing is revoked or other permissions cease to apply (e.g., if the purpose of processing these data has ceased or they are not required for the purpose). If the data is not deleted because it is required for other and legally permissible purposes, their processing will be restricted to these purposes. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons or whose storage is necessary to assert, exercise, or defend legal claims or to protect the rights of another natural or legal person. Our privacy notices may contain further information on the retention and deletion of data, which take precedence for the respective processing operations.
1.6 Security of Processing
- We take appropriate technical and organizational measures in accordance with legal requirements, considering the state of the art, the costs of implementation, and the nature, scope, circumstances, and purposes of processing as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons, to ensure a level of security appropriate to the risk.
The measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data as well as the access, input, disclosure, safeguarding of availability, and its separation. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data threats. Furthermore, we already take the protection of personal data into account during the development or selection of hardware, software, and processes in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.
- TLS/SSL encryption (https): To protect the data of users transmitted via our online services, we use TLS/SSL encryption. Secure Sockets Layer (SSL) is the standard technology for securing internet connections by encrypting data transmitted between a website or app and a browser (or between two servers). Transport Layer Security (TLS) is an updated and more secure version of SSL. Hyper Text Transfer Protocol Secure (HTTPS) is displayed in the URL when a website is secured by an SSL/TLS certificate.
1.7 Data Transfer to Third Parties, Subcontractors, and Third-party Providers
- Personal data is only transferred to third parties in accordance with legal requirements. We only disclose the data of the data subjects to third parties if, for example, it is necessary for billing purposes or for other purposes if the transfer is necessary to fulfill contractual obligations to the data subjects.
- Data transfer within the organization: We may transfer or grant access to personal data to other places within our organization. If this transfer is for administrative purposes, the transfer of data is based on our legitimate business and economic interests or takes place if it is necessary for the fulfillment of our contract-related obligations or if consent of the data subjects or a legal permission exists.
- If we use subcontractors for our Online Service, we have made appropriate contractual arrangements and corresponding technical and organizational measures with these companies.
- If we process data in a third country (i.e., outside the European Union (EU), the European Economic Area (EEA)) or if processing takes place in the context of using third-party services or the disclosure or transfer of data to other persons, bodies, or companies, this is done only in accordance with legal requirements. If the level of data protection in the third country has been recognized by an adequacy decision (Art. 45 GDPR), this serves as the basis for the data transfer. Otherwise, data transfers only take place if the level of data protection is otherwise secured, in particular by EU standard contractual clauses (Art. 46(2)(c) GDPR), explicit consent, or in the case of contractual or legally required transmission (Art. 49(1) GDPR).
2. Specific Data Processing
2.1 Collection of Information on the Use of the Online Service
- When using the Online Service, information is automatically transmitted from the user's browser to us; this includes the name of the accessed webpage, file, date and time of access, transferred data volume, notification of successful retrieval, browser type along with its version, the user's operating system, referrer URL (the previously visited page), IP address, and the requesting provider.
- The processing of this information is based on legitimate interests according to Article 6(1)(f) GDPR (e.g., optimization of the Online Service) and to ensure the security of processing according to Article 5(1)(f) GDPR (e.g., to prevent and investigate cyber attacks).
- The information is automatically deleted 60 days after the end of the connection, i.e., the use of the Online Service, unless other retention periods apply.
- The collection of data and the storage of data in log files are mandatory for the provision of the Online Service. Therefore, there is no possibility for the user to delete, object to, or correct the data.
2.2 Contact Form and Contact by Email
- When contacting us (via online form or email), the user-provided data is processed exclusively for handling the request and its processing.
- Any other use of the data takes place only based on the user's consent.
- The user's data is stored in our website management system TYPO3. The legal retention periods for business letters apply.
2.3 Customer Account
- Customers can create an account within our online offer (e.g., customer or user account, briefly "Customer Account"). If the registration of a customer account is necessary, customers will be informed of this as well as the required information for registration. Customer accounts are not public and cannot be indexed by search engines. During the registration and subsequent logins and use of the customer account, we store the IP addresses of customers along with the access times, to prove the registration and to prevent any misuse of the customer account. If the customer account is terminated, the data of the customer account will be deleted after the termination date, unless they must be retained for other purposes than the provision in the customer account or for legal reasons (e.g., internal storage of customer data, order processes, or invoices). It is the responsibility of customers to secure their data when terminating their customer account.
2.4 Webshop - Use
- If you want to order something in our webshop, a customer account must be created, where your data is stored for future purchases. If your request for opening a customer account should be rejected, we will delete the data you entered as soon as we are no longer legally obliged to store it.
- If we create a customer account, the data you provided in the context of the request are stored revocably. You can have the account deleted at any time. To do this, please contact your responsible clerk. We use your provided data for processing your order or inquiry. For this purpose, we may pass on your address data to a commissioned shipping company and possibly your payment data to our house bank.
- We also delete this data after processing the contract and expiry of the tax and commercial retention obligations.
- To prevent unauthorized access by third parties to your personal data, especially financial data, the order process is encrypted using TLS technology.
2.5 Google Tag Manager
- This website uses Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means: No cookies are used, and no personal data is collected. The Google Tag Manager triggers other tags, which in turn may collect data. However, the Google Tag Manager does not access these data.
- If a deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags, provided they are implemented with the Google Tag Manager.
2.6 Consent Management by Usercentrics
- We use the Usercentrics Consent Management Platform as a consent management tool as part of the analytics activities on our website. The Usercentrics Consent Management Platform collects log file and consent data using JavaScript. This JavaScript enables users to be informed about their consent to certain tags on our website and to obtain, manage, and document this consent.
- We process the following data:
- Consent data (anonymized logbook data (Consent ID, Processor ID, Controller ID), Consent Status, Timestamp)
- Device data (including truncated IP addresses (IP v4, IP v6), device information, Timestamp)
- User data (including email, ID, browser information, SettingIDs, Changelog)
- The ConsentID (which contains the data mentioned above) and the Consent Status, including timestamp, are stored in your browser's local storage and simultaneously on the deployed cloud servers. Further processing only takes place if you make a request for access or revoke your consent. In this case, the corresponding information is provided to us in a compact data format in a readable text form for the purpose of data exchange (JSON file).
- No user information is stored for the statistics of the granted or not granted consent. Only the frequency and locations of the clicks are stored.
- Personal data is stored on a Google Cloud Server located in the EU (Brussels, Frankfurt am Main).
- The purpose of data processing is the analysis and management of the given consents, in order to comply with our obligation of GDPR-compliant consent management. The use of Usercentrics serves the purpose of proving granted and not granted consents as well as their management.
- The legal basis for managing your consents to process your personal data is Art. 6(1)(f) GDPR. Our legitimate interest lies in the legally compliant documentation and verifiability of consents, the control of marketing measures based on the given consent, and the optimization of consent rates.
- The data is deleted as soon as they are no longer needed. The corresponding cookie has a runtime of 60 days. The revocation receipt of a previously given consent is kept for a period of three years. The storage is based on our accountability according to Art. 5(2) GDPR.
2.7 Google Maps
- This website uses Google Maps for displaying maps and creating route plans. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
- By your consent, you agree to the collection, processing, and use of the automatically collected as well as the data you entered by Google, one of its agents, or third-party providers.
- The terms of use for Google Maps can be found at https://policies.google.com/privacy?hl=de&gl=de.
- Detailed information can be found in the data protection center of google.de at https://policies.google.com/privacy?hl=de&gl=de.
2.8 Google AJAX Search API / jQuery
- On our websites, we use the JavaScript library jQuery (ajax.googleapis.com). To increase the loading speed of our website and thereby provide you with a better user experience, we use Google's CDN (content delivery network) to load this library. There is a high probability that you have already used jQuery on another page from the Google CDN. In this case, your browser can access the copy stored in the cache, and it does not have to be downloaded again. If your browser has not stored a copy in the cache or downloads the file from the Google CDN for another reason, data from your browser will be transferred to Google Inc. (“Google”).
- For more information on data processing by Google, please refer to Google's privacy policy, currently available at: https://www.google.de/intl/de/policies/privacy/
2.9 Links to Other Websites
- During the use of some of our services, you may automatically be redirected to other websites.
- Please note that this Privacy Policy does not apply there. The privacy policy of the linked website may differ significantly from this one.
2.10 Google Analytics
We use Google Analytics, a web analysis service provided by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) - hereinafter referred to as "Google", based on your consent for the analysis, optimization, and economic operation of our online service according to Art. 6(1)(a) GDPR. Google uses cookies and other technologies. The information generated by the service about the use of the online service by users is transmitted to a Google server in the USA and processed there.
As part of commissioned processing according to Article 28 GDPR, Google acts on our behalf. We have concluded a data protection agreement with Google, which includes the EU standard data protection clauses.
We use Google Analytics with activated IP anonymization. Google Analytics stores cookies in your web browser for a duration of two years since your last visit. These cookies contain a randomly generated User-ID, which can be recognized during future website visits. Users can prevent the storage of cookies by adjusting their browser software accordingly.
The recorded data along with the randomly generated User-ID, which enables the evaluation of pseudonymous user profiles, are automatically deleted after 26 months. Other data remain stored in aggregated form indefinitely.
Further information on data usage by Google, setting, and opt-out options can be found on Google's websites: https://policies.google.com/technologies/partner-sites?hl=de ("Data use by Google when you use websites or apps of our partners"), https://policies.google.com/technologies/ads ("Data use for advertising purposes"), https://adssettings.google.com/authenticated ("Manage information that Google uses to show you advertising").
2.11 Use of Leadinfo
On this website, we use the lead generation service from Leadinfo B.V., Rotterdam, Netherlands, based on our legitimate interests (Art. 6(1)(f) GDPR) for marketing, market research, and optimization purposes. This service identifies visits from companies to our website based on IP addresses and shows us publicly available information such as company names or addresses. Additionally, Leadinfo sets two first-party cookies to analyze user behavior on our website and processes domains from form entries (e.g., "leadinfo.com") to correlate IP addresses with companies and improve the services. More information can be found at www.leadinfo.com. The data collected by Leadinfo will be deleted when they are no longer required for their intended purpose and if there are no legal retention obligations opposing their deletion.
You can object to the collection and storage of data at any time with effect for the future by clicking on this link www.leadinfo.com/en/opt-out. In case of an opt-out, your data will no longer be captured by Leadinfo.
3. Cookie Policy
3.1 General Information
Cookies are pieces of information that are transferred from our web server or third-party web servers to the user's web browser and stored for later retrieval. Cookies can be small files or other types of information storage.
If users do not want cookies stored on their computer, they are asked to disable the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Excluding cookies can lead to functional restrictions of this online offer.
We use cookies in accordance with legal regulations. Therefore, we obtain prior consent from the users, except when this is not legally required. Consent is not necessary when storing and reading information, including cookies, is absolutely necessary to provide the telemedia service (our online offer) expressly requested by the users. Necessary cookies typically include those with functions for displaying and running the online offer, load balancing, security, storing user preferences and choices, or similar purposes related to the provision of the main and ancillary functions of the online offer requested by the users. The revocable consent is clearly communicated to users and contains information about the respective cookie use.
We use a procedure for cookie consent management (Consent Management System), in which users' consents to the use of cookies, or the processing and providers mentioned in the cookie consent management process, are obtained, managed, and revoked. The consent declaration is stored to avoid having to repeat the query and to be able to prove the consent according to the legal obligation. The storage can take place server-side and/or in a cookie (so-called opt-in cookie, or using comparable technologies) to assign the consent to a user or their device.
The legal basis on which we process personal data of users with the help of cookies depends on whether we ask users for consent. If users consent, the legal basis for processing their data is the declared consent. Otherwise, the data processed with the help of cookies are processed based on our legitimate interests (e.g., in a business operation of our online offer and its usability improvement) or, if this is part of fulfilling our contractual obligations, if the use of cookies is necessary to fulfill our contractual obligations. The purposes for which cookies are processed by us are clarified in the course of this Privacy Policy or in the context of our consent and processing processes.
3.2 Cookie Overview
Details of cookies and third-party services used on this website can be directly accessed in our Consent Management System. This information will not be repeated here.
3.3 Storage Duration
Regarding storage duration, the following types of cookies are distinguished:
a) Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closes their end device (e.g., browser or mobile application).
b) Permanent cookies: Permanent cookies remain stored even after closing the end device. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. The data collected by cookies can also be used for reach measurement. Unless we provide users with explicit information about the type and storage duration of cookies (e.g., when obtaining consent), users should assume that cookies are permanent and that the storage duration can be up to two years.
3.4 Objection Options
Users can revoke given consents at any time and object to the processing according to the legal requirements. Among other things, users can restrict the use of cookies in their browser settings (which may also limit the functionality of our online offer).
Users can object to the use of cookies that serve reach measurement and advertising purposes via:
a) the deactivation page of the Network Advertising Initiative: http://optout.networkadvertising.org/
b) the US website http://www.aboutads.info/choices
c) the European website http://www.youronlinechoices.com/uk/your-ad-choices/
4. Changes to the Privacy Policy
We reserve the right to change this Privacy Policy as needed to adapt it to changed legal situations, changes to the online offer, or data processing.
If user consent is required or components of the Privacy Policy contain regulations of the contractual relationship with the users, the changes will only be made with the consent of the users.
Users are requested to inform themselves regularly about the content of this Privacy Policy.