Section 1 Information about the collection of personal data
(1) We have provided you information about the collection of personal data on our website below. Personal data includes all data that relates to you personally, i.e., your name, address, e-mail address and usage behavior.
(2) The controller pursuant to Article 4(7) EU General Data Protection Regulation (GDPR) is:
Dornbracht AG & Co. KG
Köbbingser Mühle 6
(please see our Imprint)
You can contact our Data Protection Officer by e-mail at firstname.lastname@example.org or by writing to our mailing address, “attn. data protection officer.”
(3) Should you send us questions via the contact form, we will collect the data entered on the form, including the contact information you provide, in order to answer your question and in the event of any follow-up questions. We will not share this data without your consent.
The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time. An informal e-mail making this request is sufficient. This does not affect the lawfulness of any data processing done before we receive your withdrawal.
We will retain the data you provide on the contact form until such time as you request its erasure, withdraw your consent to its storage, or the purpose for its storage is no longer applicable (e.g. after completely processing your inquiry). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected.
(4) If you contact us by e-mail, phone or fax, your request, including all associated personal data (name, inquiry), is stored and processed by us for the purposes of processing your request. We will not share this data without your consent.
This data is processed on the basis of Art. 6(1)(b) GDPR, provided your request is related to the performance of a contract or is required to carry out any pre-contractual actions. In all other cases, processing is based on your consent (Art. 6(1)(a) GDPR) and/or our legitimate interests (Art. 6(1)(f) GDPR), as we have a legitimate interest in effectively processing any requests addressed to us.
We will retain the data you provide in an inquiry until such time as you request its erasure, withdraw your consent to its storage, or the purpose for its storage is no longer applicable (e.g. after completely resolving your matter). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected.
(5) If you order brochures, press kits, etc. (hereinafter referred to as “materials”), we will only collect and store contact information required to process your order and forward them to companies responsible for logistics and delivery of these materials. Mandatory fields are denoted with “*” on the order form.
If you do not order materials from Germany, data will either be forwarded by us to our local branch or to our sales partners, who will send the materials to you by forwarding them to a logistics provider in the respective country, or they will be sent by us as described above.
If you do not reside in the European Economic Area, we may transmit your personal data to countries that have not been designated by the European Commission as providing adequate protection, including the United States. In the case of these transfers, we will take the necessary contractual steps to ensure that your personal data will receive an adequate level of protection.
When businesses place orders for materials, we may collect the name of the contact person at the respective company. The preceding comments apply accordingly in such cases.
Data entered in connection with the ordering process will be processed exclusively on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw this consent at any time. An informal e-mail making this request is sufficient. This does not affect the lawfulness of any data processing done before we receive your withdrawal.
(6) If you wish to apply to us, we have provided the opportunity to do so using a form intended for this purpose. All mandatory information requested must be provided in full, otherwise the application process cannot be completed properly. Additional information is available here.
The Legal basis for processing your personal data in connection with the application process is primarily section 26 of the Federal Data Protection Act (BDSG). This law permits the processing of data required in connection with a decision to establish an employment relationship. Should the data continue to be necessary for legal purposes once the application process is complete, it may be processed on the basis of Art. 6 GDPR, in particular in order to pursue legitimate interests in accordance with Art. 6(1)(f) GDPR. Our interest would then consist of asserting or defending against legal claims. If you have provided your consent, your data is subject to processing on the basis of Art. 6(1)(a) GDPR. Your consent may be withdrawn at any time. Your personal data will only be shared within our company with persons who are involved in handling your application.
In the event of a rejection, applicant data will be deleted six months from the end of the recruiting process. If you are hired following the recruiting process, your data will be transferred from the candidate application system to our human resources information system.
You may object to having this data stored if you have legitimate interests that outweigh ours.
We use services provided by rexx systems GmbH, Süderstrasse 75-79, 20097 Hamburg in connection with the job application process. More information about this provider is available at: www.rexx-systems.com. After you have provided your consent to processing, data you have entered in the application forms will be transmitted to service provider rexx systems GmbH and stored on its server. Your data will be used exclusively for the purpose described above and subject to compliance with the terms of the GDPR. Your data will not be shared with third parties.
We have concluded a contract data processing agreement with rexx systems GmbH.
(7) In the event that we use third-party service providers in connection with specific functions of our website, or if we desire to use your data for marketing purposes, we will inform you below in detail about the respective processes. We also specify the defined criteria for the retention period. We have carefully selected these service providers and they are obliged to process data provided by us only within the scope of tasks assigned to them.
Section 2 Personal data collection when visiting our website
(1) If you use the website solely for information purposes, that is, if you do not register or otherwise provide us with information, we only collect the personal data which your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to guarantee stability and security (the legal basis is Art. 6(1)(f) GDPR):
– IP address
– Date and time of access
– Time zone difference to Greenwich Mean Time (GMT)
– Contents of the request (specific page)
– Access status/HTTP status code
– The volume of data transferred in each case
– The referring website
– Operating system and its interface
– Language and version of browser software.
(2) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files which are stored on your hard disk in association with the browser you are using and by which the party setting the cookie (in this case, us) receives certain information. Cookies cannot run programs or place viruses on your computer. The purpose of cookies is to make our website more user-friendly and functional.
a) This website uses the following types of cookies, the scope and functionality of which are explained below:
– Transient cookies (see b)
– Persistent cookies (see c).
b) Transient cookies are automatically deleted when you close the browser. This relates to session cookies in particular. They store a so-called session ID with which various requests from your browser can be assigned to a common session. This allows your computer to be recognized when you return to our website. Session cookies are deleted when you log out or close the browser.
c) Persistent cookies are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies at any time using your browser's security settings.
d) You can configure your browser settings as desired and, for example, refuse to accept third-party cookies or any cookies. Please note that you may then not be able to use all functions of this website.
Section 3 Special types of use for our website
(1) If you conclude contracts on our website for services or digital content, it is necessary for the conclusion of the respective contract that you provide us with personal data we need to process your order. Mandatory information required to process your order is marked accordingly; any additional information is voluntary. We will process the data you have provided in order to process your order. We may share your payment data with our house bank for such purposes. The relevant legal basis is Art. 6(1)(b) GDPR.
(2) The connection is encrypted using TLS technology in order to prevent unauthorized access by third parties to your personal data, in particular to your financial data.
Section 4 Newsletters
(1) Upon providing your consent, you may subscribe to our newsletter which we use to inform you of current offerings that may be of interest to you. Goods and services to be advertised are indicated in the consent form.
(2) We use the double opt-in procedure in connection with registration for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address you provided, in which we will ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we will store your IP address and the time of registration and confirmation. The purpose of this process is to be able to verify your registration and, if necessary, to clarify any potential misuse of your personal data.
(3) The only mandatory information for sending the newsletter is your e-mail address. Providing any other specifically marked information is voluntary. This information is used to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The applicable legal basis is Art. 6(1)(a) GDPR.
(4) You can withdraw your consent to receiving our newsletter at any time by unsubscribing to the newsletter. You can provide notice of such withdrawal by sending by clicking on the link provided in every newsletter e-mail or by sending a message to the contact information provided in the Imprint.
(5) We use the services of Microsoft Dynamics 365 for Marketing in connection with sending our newsletter. This service is provided by the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. CleverReach is a service for the organization and analysis of newsletter distribution. The data you provide (e.g. your e-mail address) in order to subscribe to our newsletter will be stored on servers maintained by Microsoft Dynamics 365 for Marketing in Germany or the United States.
Newsletters we sent via Microsoft Dynamics 365 for Marketing contain a so-called "web-beacon", i.e. a pixel-sized file that is retrieved when opening the newsletter either from our server or that of our e-mail delivery service provider should we use one. During this process, technical information such as your browser and operating system, as well as your IP address and the time of download, is collected. This information is used for making technical improvements to the service, as technical data or target group data can be analyzed according to their reading behavior, their download locations (identifiable through IP addresses), or download times. Statistical data collection also includes an analysis of when the newsletters are opened, and which links are clicked on. For technical reasons, this information can be assigned to individual newsletter recipients. However, it is neither our desire, nor that of our distribution service provider - should we use one - to monitor individual users. The analysis of this data, is more importantly used to recognize patterns in the reading behavior of our users, and to adapt content accordingly or send different content according to the interests of our users. Additional information about data analysis by Microsoft Dynamics 365 for Marketing is available at: https://dynamics.microsoft.com/de-de/dynamics-365-deutschland/
Data is processed on the basis of your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time by canceling your newsletter subscription. This does not affect the lawfulness of any data processing done before you have withdrawn your consent.
If you do not wish Microsoft Dynamics 365 for Marketing to analyze your use of our newsletter, you must cancel your subscription. We provide a link to do this in every newsletter we send. In addition, you can also directly unsubscribe from the newsletter on our website.
Data you provided when registering for the newsletter will be used to distribute the newsletter until such time as you cancel your subscription; Thereafter it will be deleted from our servers and those of Microsoft Dynamics 365 for Marketing. This does not affect data we have stored for other purposes (e.g., e-mail addresses for the members’ area).
You can find additional information about the privacy policies of Microsoft Dynamics 365 for Marketing at: https://www.microsoft.com/de-de/trustcenter/Privacy/GDPR.
We have entered into an agreement with Microsoft for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Microsoft Dynamics 365 for Marketing.
Section 5 Google Analytics
Google Analytics uses “cookies.” Cookies are text files stored on your computer that enable analysis of how you use our website. As a rule, the information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. The data sent by us that is linked to cookies, user IDs or advertising IDs are automatically deleted after 14 months. Data for which the retention period has expired is automatically deleted once a month.
The storage of Google Analytics cookies and the use of this analysis tool are based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in analyzing user behavior in order to improve both its website and its advertising. For the exceptional cases in which personal data is transferred to the United States, Google has committed to the EU-US Privacy Shield: https://www.privacyshield.gov/EU-US-Framework.
(2) We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the complete IP address be transferred to a Google server in the United States and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activities for website operators, and to provide additional services related to the use of the website and the Internet. The IP address transferred by your browser in connection with Google Analytics will not be associated with other data held by Google.
(3) You can prevent cookies from being stored by selecting the appropriate settings in your browser; however, we wish to point out that by doing so, you may not be able to enjoy the full functionality of this website. You can also prevent Google from collecting the data generated by the cookie that relates to your use of the website (including your IP address) and prevent Google from processing such data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
(4) We have entered into a contract with Google for the outsourcing of our data processing and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Section 6 Crazy Egg
(1)This web page uses Crazy Egg, a web analysis service operated by Crazy Egg, Inc., 6220 E. Ridgeview Lane, La Mirada, CA, 90638, USA.
(2)Crazy Egg uses “cookies”, i.e. text files stored on your computer that enable analysis of how you use our website. The information generated by the cookie about your usage will be transmitted to a Crazy Egg server in the United States and stored there.
(3)You may refuse the placement of cookies by selecting the appropriate settings on your browser. You can also prevent Crazy Egg from collecting the data generated by the cookie that relates to your use of the website (including your IP address) and prevent Crazy Egg from processing such data by following the instructions available under the following link: http://www.crazyegg.com/opt-out.
Section 7 Integration of YouTube videos
(1) We have integrated YouTube videos into our website. These videos are stored at http://www.YouTube.com and can be played directly from our website. These are all integrated and embedded in the "Extended Privacy Mode", i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. The data referred to in the following paragraph is not transmitted until you play the videos. We have no influence over the transmission of this data.
(2) We use YouTube in the interest of making our website more appealing. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Section 8 Integration of Vimeo
(1) In some cases, we have integrated videos from Vimeo, Inc. 555 West 18th Street, New York, New York 10011, USA into our website.
(2) Some of our webpages contain videos from Vimeo. A connection to the Vimeo servers is established when you access any of these pages. The plug-in then transmits information about which of our pages you have visited to the Vimeo server. Vimeo will assign this information to your personal user account if you are logged in as a member of Vimeo. By clicking the start button of a video, this information may also be assigned an existing user account. You can prevent the information being assigned to your account by logging out of your Vimeo account and deleting the corresponding Vimeo cookies before using our website.
(3) We use the service on our website on the basis of our legitimate interests (i.e. interest in the analysis, optimization, and efficient operation of our website). The applicable legal basis is Art. 6(1)(f) GDPR.
(5) Vimeo also accesses the tracker Google Analytics via an iFrame in which the video is accessed. This is Vimeo's own tracking system to which we have no access. You can stop tracking by Google Analytics by using the opt-out tools that Google offers for some web browsers. Users can additionally prevent the collection of data produced by the Google Analytics and associated with their website use (including IP address), and its transmission and processing by Google, by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
Section 9 Use of Google Maps
(1) We use Google maps on this website. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. The use of Google Maps is in the interest of making our website appealing and to facilitate locating the places we specify on the website. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Section 10 Use of web fonts
(1) This website uses external fonts provided by Google Fonts. Google Fonts is a service provided by Google Inc. (”Google”). Google Fonts are integrated by accessing a server, typically a Google server in the United States. This transmits information to the server as to which of our website pages you have visited. Google stores the IP address of the visitor's device from which the browser accesses the webpages.
(2) When you open a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. Web fonts are used in the interest of the uniform and attractive appearance of our website.
(3) This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.
Section 11 Use of Google AdWords Conversion and Remarketing
(1) We use the Google Adwords service to call your attention to our attractive products with the aid of advertising materials (so-called Google Adwords) on third-party websites. We can determine how successful the individual advertising measures are in relation to the data from the advertising campaigns. We are interested in showing you advertisements which are of interest to you, in making our website more attractive to you and in achieving the transparent calculation of advertising costs.
(2) The advertising media is delivered by Google via so-called "Ad Servers.” For this purpose, we use Ad Server cookies through which certain parameters for measuring success can be measured, such as the display of advertisements or user clicks. If you access our website via a Google ad, Google Adwords will store a cookie on your PC. These cookies usually expire after 30 days and are not used with the intention of personally identifying you. The unique cookie ID, number of ad impressions per placement (frequency), last impression (relevant for post-view conversions) and opt-out information (a mark that the user no longer wishes to be addressed) are usually stored as analysis values for this cookie.
(3) These cookies enable Google to recognize your web browser. If a user visits certain pages on an Adwords customer's website and the cookie stored on their computer has not expired, both Google and the customer are able to recognize that the user has clicked on the ad and has been redirected to the relevant page. Each Adwords customer is assigned a different cookie. This means that cookies cannot be tracked across Adwords customer websites. We do not process any personal data ourselves as part of the advertising measures referred to above. We only receive statistical evaluations from Google. We are able to recognize which of the advertising measures are particularly effective on the basis of these analyses. We do not receive any further data from the use of advertising material; in particular, we cannot identify users on the basis of this information.
(4) Your browser automatically establishes a direct connection to the Google server on the basis of the marketing tools in use. We have no influence on the extent and further use of the data collected by Google through the use of this tool and may thus only inform you on the basis of our knowledge: By including AdWords Conversion, Google receives the information that you have accessed the relevant part of our website or have clicked on an ad from us. If you are registered with a Google service, Google can assign the associated the visit with your account. Even if you are not registered with Google, or have not logged in, it is possible for the provider to obtain and store your IP address.
(5) You can prevent participation in this tracking process in various ways: a) by setting your browser software accordingly, in particular by suppressing third-party cookies so that you will not receive ads from third-party providers; b) by deactivating cookies for conversion tracking, by setting your browser to block cookies from the domain “www.googleadservices.com,” https://www.google.de/settings/ads whereby this setting is deleted when you delete your cookies; c) by deactivating the interest-based ads from providers that are part of the “About Ads” self-regulation campaign via the link http://www.aboutads.info/choices, whereby this setting is deleted when you delete your cookies; d) by permanent deactivation in your Firefox, Internet Explorer or Google Chrome browsers under the link http://www.google.com/settings/ads/plugin. Please note that in this case you may not be able to make full use of all functions of this website.
(6) The legal basis for processing your data is Art. 6(1)(f) GDPR. For more information about data protection at Google, see: http://www.google.com/intl/de/policies/privacy and https://services.google.com/sitestats/de.html. Alternatively, you can visit the Network Advertising Initiative (NAI) website at http://www.networkadvertising.org. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
(7) In addition to Adwords Conversion, we also use the Google Remarketing application. This is a process that we use should we like to contact you again. After you visit our website, this application can display our web advertisements for you while you continue surfing after you leave our website. This is done using cookies stored in your browser which allow Google to record and evaluate your usage behavior when you visit various websites. This is how Google is able determine that previously visited to our website. Google does not, according to its own statements, merge the data collected in the context of re-marketing with your personal data which may be stored by Google. In particular, Google states that re-marketing uses pseudonymization.
Section 12 Google reCAPTCHA
(1) We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our website. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google").
(2) reCAPTCHA is used to check whether data entered on our website (such as on a contact form) has been entered by a person or by an automated program. To do this, reCAPTCHA analyses the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the visitor accesses the website. To perform this analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analysis run completely in the background. Visitors to the website are not informed that an analysis is being performed.
(3) As part of certification under the EU-US Privacy Shield, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Google guarantees that it will follow the EU's data protection regulations when processing data in the United States.
(4) The applicable legal basis is Art. 6(1)(f) GDPR. Our legitimate interest relates to the security of our website and in preventing unwanted, automated access in the form of Spam, etc.
Section 13 Use of Facebook pixel
(1) Our website measures conversions using visitor action pixels from Facebook, operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”).
(2) These allow the behavior of site visitors to be tracked after they click on a Facebook ad to reach the provider's website. This allows an analysis of the effectiveness of Facebook advertisements for statistical and market research purposes and their future optimization.
(3) The data collected is anonymous for us as operators of this website and we cannot use it to identify any specific individual. However, the data is stored and processed by Facebook so that association with the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook Data Usage Policy. This allows Facebook to display ads both on Facebook and on third-party sites. Use of the data cannot be influenced by us as the site operator.
(4) We use Facebook Pixel on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in effective promotional activities, including social media.
(6) You can also deactivate the “Custom Audiences” re-marketing feature in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do so, you will first need to log into Facebook. If you do not have a Facebook account, you can disable Facebook usage-based advertising on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.
Section 14 Your rights
(1) You may assert the following rights concerning your personal data when dealing with us:
– Within the framework of the applicable legal provisions, you have the right to free information about your stored data, its origin and recipients and the purpose of data processing at any time and, if applicable, a right to rectification, blocking or erasure of your data. You can contact us at any time using the address given in our Imprint if you have further questions on the topic of personal data.
– You have the right to restrict the processing of your personal data. To make such a request, you can contact us at any time at the address given in the Imprint. The right to restrict processing applies in the following cases:
– If you dispute the accuracy of your personal data stored with us, for a period enabling us to verify the accuracy of your personal data; You have the right to demand the restriction of processing for your personal data while we verify its accuracy.
– If your personal data was processed/is being processed unlawfully, you can demand the restriction of data processing instead of erasure.
– If we no longer need your personal data, but you need it for the establishment, exercise or defense of legal claims, you have the right to demand the restriction of the processing of your personal data instead of erasure.
– If you have asserted an objection in accordance with Art. 21(1) GDPR, your interests must be weighed against ours. As long as it is not yet clear whose interests predominate, you have the right to demand that the processing of your personal data be restricted.
– Where processing has been restricted, such personal data may, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.
– You have the right to have data which we process automatically on the basis of your consent or in fulfillment of a contract provided to you or to a third party structured, commonly used and machine-readable format (data portability). If you request the direct transfer of data to another data controller, we will only do so the extent that is technically feasible.
(2) You also have the right to lodge a complaint with a data protection supervisory authority concerning our processing of your personal data.
Section 15 Right to object
Section 16 Data security
We use the most common SSL (Secure Socket Layer) method together with the highest level of encryption supported by your browser. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You may determine whether any individual page of our website is encrypted by looking for the closed key or lock symbol in the bottom status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved to meet state-of-the-art requirements.