General data protection information (as at 24 May 2018)
Part 1: Information on data protection regarding our processing under Articles 13, 14 and 21 General Data Protection Regulation (GDPR)
We take data protection seriously and hereby inform you on how we process your data and what claims and rights you are entitled to under data protection rules. Applicable as of 25 May 2018.
1. Office responsible for data processing and contact data
responsible office within the meaning of data protection law:
DALLI-WERKE GmbH & Co. KG
or MÄURER & WIRTZ GmbH & Co. KG
Zweifaller Str. 120
Telephone: +492402 89-0
E-Mail-dddress: firstname.lastname@example.org or email@example.com
Contact data of our data protection officer:
DALLI-WERKE GmbH & Co. KG
or MÄURER & WIRTZ GmbH & Co. KG
Data protection officer
Zweifaller Str. 120
E-Mail-address: firstname.lastname@example.org or email@example.com
2. Purposes and legal basis on which we process your data
We process personal data in accordance with the stipulations of the General Data Protection Regulation (GDPR) and national data protection laws as well as other applicable data protection provisions (details are provided in the following). The details of which data are processed and how they are used mostly depend on the services requested or agreed in each case. Further details or additions for the purposes of data processing can be found in the respective contract documents, forms, a declaration of consent and/or other information provided to you (e. g. in the context of the use of our website or our terms and conditions). In addition, this data protection information may be updated from time to time, as you may find out from our websites www.dalli-group.com
2.1 Purposes to perform a contract or pre-contractual measures (Art. 6, section 1 b GDPR)
The processing of personal data is carried out in order to perform our contracts with you and to execute your orders as well as to carry out measures and activities in the framework of pre-contractual relations, e. g. with interested parties. In particular, the processing thus serves to provide services according to your orders and wishes and includes the necessary services, measures and activities. This essentially includes contract-related communication with you, the verifiability of transactions, orders and other agreements as well as quality control by means of corresponding documentation, goodwill procedures, measures to control and optimize business processes as well as the fulfilment of general duties of care, control and supervision by affiliated companies (e. g. parent company), statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, accounting and tax assessment of operational services, risk management, assertion of legal claims and defense in the event of legal disputes, ensuring IT security (inter alia system and plausibility tests) and general security, including building and plant security, securing and exercising domestic authority (e. g. by means of access controls), guaranteeing the integrity, authenticity and availability of data, prevention and investigation of criminal offences, control by supervisory bodies or supervisory authorities (e. g. auditing).
2.2 Purposes within the framework of a legitimate interest on our part or of third parties (Art. 6, section 1 f GDPR)
In addition to the purpose to fulfil the (pre-)contract, we might process your data when necessary to protect legitimate interests of our own or of third parties, in particular for the following purposes:
- advertising or market and opinion research, as far as you have not objected to the use of your data;
- obtaining information from and exchanging data with operators/ agencies where this goes beyond our economic risk;
- the examination and optimization of processes for needs analysis;
- the further development of services and products as well as of existing systems and processes
- the disclosure of personal data in the framework of due diligence in the course of company sale negotiations;
- for comparison with European and international anti-terrorist lists, insofar as this goes beyond the legal obligations;
- the enrichment of our data, e. g. by using or researching publicly accessible data;
- statistical evaluations or market analysis;
- the assertion of legal claims and defense in legal disputes which are not directly attributable to the contractual relationship;
- the limited storage of data, if a deletion is not possible or only possible with disproportionate efforts due to the special type of storage;
- the development of scoring systems or automated decision-making processes;
- the prevention and investigation of criminal offences, if this is not exclusively to fulfil legal requirements;
- building and plant security (e. g. by means of access control and video surveillance), insofar as this goes beyond the general duties of care;
- internal and external investigations, safety reviews;
- any monitoring or recording of telephone conversations for quality control and training purposes;
- preservation and maintenance of certifications of private-law or official nature;
- the securing and exercise of our domestic authority by means of appropriate measures as well as by video surveillance for the protection of our customers and employees as well as for securing evidence in the framework of criminal offences and their prevention.
2.3 Purposes within the framework of your consent (Art. 6, section 1 a GDPR)
Your personal data can also be processed for certain purposes (e.g. use of your e-mail-address for marketing purposes) on the basis of your consent. As a rule, you can revoke this consent at any time. This also applies to the revocation of consent that was given to us before the GDPR came into effect, i.e. prior to 25 May 2018. You shall be separately informed about the purposes and about the consequences of revocation or refusal to give consent in the respective text of the consent.
Generally, revocation of consent only has effect for the future. Processing that has taken place prior to revocation is not affected by such and remains lawful.
2.4 Purposes relating to compliance with a legal obligation (Art. 6, section 1 c GDPR) or in the public interest (Art. 6, section 1 e GDPR)
Just like anyone who takes part in business life, we are subject to a large number of legal obligations. These are primarily statutory requirements (e.g. commercial and tax laws), but possibly also supervisory law or other official requirements. The purposes of processing may include identity and age checks, prevention of fraud and money laundering, the prevention, combating and education regarding terrorism financing and crime with a risk for property, comparisons with European and internationan anti-terror lists, compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security and of audits by tax/fiscal and other authorities. In addition, it may be necessary to disclose personal data in the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the enforcement of civil law claims.
3. The categories of data that we process insofar as we do not receive data directly from you, and its origin
If necessary for the performance of our services, we may process data that we have lawfully received from other companies or other third parties (e.g. information offices). In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (e.g. telephone registers, commercial and association registers, civil registers, the press, the internet and other media) and that we are allowed to process.
Relevant personal data categories may in particular be:
- personal data (name, date of birth, place of birth, nationality, marital status, occupation/trade and comparable data)
- contact data (address, e-mail address, telephone number and similar data)
- Address data (population register data and comparable data)
- payment confirmation/confirmation of cover for bank and credit cards
- information about your financial situation (credit-worthiness data including scoring, i.e. data for assessing the economic risk)
- customer history
- data about your use of the telemedia offered by us (e. g. time of access to our websites, apps or newsletters, clicked pages/links or entries and comparable data)
- Video data.
4. Recipients or categories of recipients of your data
Within our company, your data is received by those internal offices or organizational units that need such to fulfil our contractual and statutory obligations or to process and implementing our legitimate interests. Your data is disclosed/passed on to external offices and persons exclusively
- in connection with the execution of the contract;
- to fulfil legal obligations that require us to provide information, give notice or forward data or where the forwarding of data is in the public interest (see section 2.4);
- to the extent that external service-providers process data on behalf of us as contract processors or providers of certain functions (e.g. external data centers, support and maintenance of DP/IT applications, archiving, document processing, call center services, compliance services, controlling, data screening for anti-money laundering purposes, data validation and plausibility check, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, auditing services, credit institutions, printing companies or companies for data disposal, courier services, logistics);
- on the basis of our legitimate interest or the legitimate interest of the third party within the purposes cited in section 2.2 (e.g. to authorities, credit agencies, collection agencies, attorneys, courts of law, appraisers, companies affiliated to company groups as well as bodies and control instances);
- if you have given us consent to transmit data to third parties.
Beyond this, we shall refrain from transmitting your data to third parties. Insofar as we commission service providers within the framework of processing an order, your data will be subject to the same security standards that we have stipulated. In all other cases, recipients may only use the data for purposes for which the data has been sent to them.
5. Period of time your data is stored for
We process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the phaseout.
In addition, we are subject to various retention and documentation obligations that emanate inter alia from commercial and tax laws. The periods and deadlines for retention and/or documentation stipulated therein range between six, seven and ten years from the end of the contractual relationship or the pre-contractual relationship, and in exceptional cases even 50 years – depending on the applicable national law.
Further, special statutory provisions may require longer retention such as for example the preservation of evidence in connection with statutory time-barring provisions.
If the data is no longer required to meet contractual or statutory obligations and rights, it is regularly deleted unless its further processing - for a limited period - is necessary to fulfil the purposes listed in section 2.2 due to an overriding legitimate interest. Such overriding legitimate interest is deemed to exist, for example, if it is not possible, or only possible with a disproportionate effort, to delete the data as a result of the special type of storage and provided that the processing for other purposes is excluded by appropriate technical and organizational measures.
6. Processing of your data in a third country or by an international organization
Data is transmitted to offices in countries outside the European Union (EU) or the European Economic Area (EEA) (so-called third countries) if necessary to fulfil your order or the contract with you, if required by law (e.g. notification obligations under tax law), if it is in the legitimate interest of us or of a third party or if you have given us your respective consent.
For that matter, your data may be processed in a third country, possibly also with the involvement of service providers in the framework of processing of the order. Insofar as no decision has been issued by the EU Commission regarding the existence of a reasonable level of data protection for the respective country, we warrant that your rights and freedoms will be reasonably protected and guarantied in accordance with EU data protection requirements through contractual agreements to this effect. We will provide you with detailed information upon request.
You can request information on the suitable or reasonable guarantees and the possibility to receive a copy of these from the company data protection officer.
7. Your data protection rights – you can assert your data protection rights against us under certain conditions and under consideration of possible specific national rules
If possible, your applications concerning the exercise of your rights should be sent in writing to the address stated above or be addressed directly to our data protection officer.
- You have the right pursuant to Art. 15 GDPR to receive information from us on the data concerning your person that we store.
- If you so request, we shall correct stored data on you in accordance with Art. 16 GDPR if such data is incorrect or flawed.
- If you so desire, we shall delete your data in accordance with the principles of Art. 17 GDPR if such is not prevented by other statutory provisions or an overriding interest on our part (e.g. to defend our rights and claims).
- Under the conditions laid down in Art. 18 GDPR, you can demand that we restrict the processing of your data.
- Further, you can file an objection to the processing of your data in accordance with Art. 21 GDPR, as a result of which we have to stop processing your data. This right of objection only applies, however, in the event of extraordinary circumstances in your personal situation, whereas the rights of our company may run counter to your right of objection.
- You also have the right to receive your data in accordance with the conditions of Art. 20 GDPR in a structured, commonplace and machine-readable format or transmit such data to a third party.
- You further have the right to revoke your consent to process personal data that has been issued to us at any time with effect for the future (see section 2.3).
- In addition you are entitled to file a complaint with a data protection supervisory authority (Art. 77 GDPR). We recommend, however, to always send a complaint to our data protection officer before.
8. Scope of your obligations to provide us your data
You only need to provide data that is necessary for the commencement and performance of the business relationship or for a pre-contractual relationship with us or the collection of which we are required by law. Without this data, we will regularly not be able to conclude or fulfil the agreement. This may also relate to data required at a later stage within the business relation. If we request data from you above and beyond this, you shall be informed about the voluntary nature of the information separately
9. Presence of an automated decision-making in individual cases (including profiling)
We do not use any purely automated decision-making procedures as set out in Article 22 GDPR. However, should we institute such a procedure in individual cases in the future, we shall inform you pursuant hereto separately if this is required by law.
Under certain circumstances, we may process your data partly with the aim of evaluating certain personal aspects (profiling).
In order to provide you with targeted information and advice on products, we may use evaluation tools. These enable a needs-oriented product design, communication and advertising including market and opinion research.
Such procedures can also be used to assess your solvency and credit-worthiness as well as to combat money laundering and fraud. "Score values" can be used to assess your solvency and credit-worthiness. In the case of scoring, the probability with which a customer will meet his payment obligations in accordance with the contract is calculated using mathematical methods. Such score values thus support us, for example, in assessing the credit-worthiness, in our decision-making in the context of product deals and are incorporated into our risk management. The calculation is based on mathematically and statistically acknowledged and proven methods and is based on your data, in particular income, expenditure, existing liabilities, profession, employer, length of service, experience from the previous business relationship, repayment of previous loans in accordance with the contract and information from credit agencies.
Information on nationality and special categories of personal data according to Art. 9 GDPR is not processed.
Information on your right of objection under Art. 21 GDPR
- You have the right to file an objection at any time against processing of your data which is performed on the basis of Art. 6, section 1 f GDPR (data-processing on the basis of a weighing out of interests) or Art. 6, section 1 e GDPR (data-processing in the public interest), provided that there are reasons for your objection emanating from your special personal situation. This also applies to profiling based on this provision in the meaning of Art. 4, no. 4 GDPR.
If you file an objection, we shall no longer process your personal data unless we can demonstrate compelling reasons for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
- We may also use your personal data in order to perform direct advertising. If you do not want to receive any advertising, you have the right to file an objection to such at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We shall respect this objection with effect for the future.
We shall no longer process your data for the purpose of direct advertising if you object to processing for this purpose.
The objection can be filed without to any form requirements and should, if possible, be sent to:
DALLI-WERKE GmbH & Co. KG
or MÄURER & WIRTZ GmbH & Co. KG
Zweifaller Str. 120
E-Mail-Address: firstname.lastname@example.org or email@example.com
Part 2: Additional data protection information regarding the website
Thank you for visiting our website. In the following we set out which data we collect during your visit on our website and how exactly this data is used. This data privacy statement applies to all websites accounted for by DALLI-WERKE GmbH & Co. KG or affiliated companies, or by Mäurer & Wirtz GmbH & Co. KG or affiliated companies, respectively.
1. Data collection and processing
When you visit our website, our webservers temporarily save every access in a log file. The following data will be collected and stored until automatically deleted:
- Date and time of access
- Name and URL of the retrieved file
- Transferred data volume
- Notification on whether the call was successful
- Identification specification data of the used browser- and operating system
- IP address of the calling processor
- Website from which access is made
- Name of your internet access provider.
Processing of this data takes place in order to enable the use of the website (connection establishment), for system security and for technical administration of the network infrastructure.
The IP address will only be analyzed in the event of attacks on our network infrastructure or for other data security reasons.
2. Use of personal data
The personal data you provide us via our website (e.g. your name and address or your e-mail-address) is processed for correspondence with you as well as for the purpose for which you have provided us with the data (e.g. in the framework of a request, an order of dosing aids or a promotional competition).
If you order services or products from us, without your separate consent your personal data will only be used insofar as it is necessary for the provision of the service or for the performance of the contract.
This includes, in particular, the forwarding of your data to transport companies, credit companies or other service providers used for the provision of the service or for the fulfillment of the contract.
Beyond this, a use of this data for occasional offers to you via post or e-mail in order to inform you about new products or other services that might be of interest to you or about sales promotions of our company, only occurs insofar as legally permissible or where you have given us prior consent. Any use of your personal data shall be only in accordance with the before-mentioned purposes and only to the extent necessary to achieve these objects.
You can object to the receipt of advertisement from DALLI-WERKE GmbH & Co. KG or affiliated companies, or from Mäurer & Wirtz GmbH & Co. KG or affiliated companies, respectively, at any time by informing us correspondingly under the below-mentioned contact or e-mail-address. Consent given can also be revoked at any time by information to the below-mentioned contact or e-mail-address.
If we send you a newsletter upon your request, you thereby receive information on our offers and promotions or – insofar as mentioned – offers and promotions of our cooperation partners. You can cancel the newsletter at any time via the cancellation link on the newsletter without incurring any cost apart from the transfer cost according to the standard rates.
4. Transfer of personal data
The transfer of personal data to state offices or authorities only occurs in accordance with legal provisions or when the transfer is necessary for claiming our rights or for law enforcement in the event of attacks on our network infrastructure. Service-providers possibly involved in the framework of the execution only receive the data necessary to fulfil their tasks and they are equally subject to confidentiality obligations as our own staff members are. A transfer to other third parties only occurs insofar as legally permissible. Beyond this, your data will not be transferred to third parties.
DALLI-WERKE GmbH & Co. KG and Mäurer & Wirtz GmbH & Co. KG use appropriate technical and organizational security measures to protect your personal data administered by us from accidental or deliberate manipulation, loss, destruction and unauthorized access. Our security measures are continually improved according to technological development.
Cookies are small text data files which are saved on the computer of the internet user. They serve the steering of the internet connection during your visit on our websites. At the same time we receive information via these cookies that allow us to analyze your use of the website in order to optimize our website with a view to the needs of our visitors. Cookies are partly saved by your browser only for the duration of your visit on the website (session cookies), but partly for a longer period (persistent cookies).
7. Use of Webfonts by MyFonts.com
Certain websites we are responsible for use MyFonts Webfonts, in oder to improve the optical presentation of the information contained on the websites concerned. The fonts of Myfonts.com are stored as Webfonts on the affected server. When the page is opened, for licensing reasons a meter at MyFonts (MyFonts Inc., 500 Unicorn Park Drive, Woburn, MA 01801, USA) is called via your internet browser, and this way MyFonts also receives knowledge of your IP address. If your internet browser does not support the MyFonts Webfonts or prevents access thereto, our website will instead appear with a standard font. Further information on the MyFonts Webfonts and on privacy are available at http://www.myfonts.com/info/webfonts
8. Amendment of the data protection rules
The further development of our website or the implementation of new technologies and other things might require an amendment of this data privacy statement. We therefore reserve the right to amend our data privacy statement at any time with effect for the future. We therefore recommend you to read the current data privacy statement from time to time.
The information on data protection about our data processing according to Articles 13, 14 and 21 GDPR and the additional data protection information regarding the website, respectively, may change from time to time. All changes will be published on this page. We provide older versions in an archive to be viewed.