Privacy Policy

The following Privacy Policy describes how we handle your personal data in accordance with Article 13 of the EU General Data Protection Regulation (GDPR).

1. Controller

The controller responsible for the processing described below is

DIC Onsite GmbH
Neue Mainzer Straße 20 – MainTor
60311 Frankfurt am Main
Germany

Tel.: + 49 69 2193789-0
Fax: + 49 69 2193789-99
E-mail: info@dic-onsite.de

2.  General data processing when using our website

2.1. Usage data

Purposes and scope of the processing/legal bases:

When your visit our website, usage data is temporarily processed on the web server to enable you to access our website.

This data includes the following:

  • name and address of the requested content;
  • date and time of the request;
  • data volume transferred;
  • access status (content transferred, content not found);
  • description of the web browser and operating system used, including information on the selected language;
  • referrer URL, which indicates the page from which you accessed our site;
  • the IP address of the requesting terminal device.

The legal basis for the processing is Article 6(1) sentence 1 (f) GDPR and our legitimate interest in being able to provide you with an attractive and functional website.

We anonymise your IP address by truncating it in such a manner that it is no longer possible to determine an individual’s identity based on any usage data.

Recipients/categories of recipients:

For the purpose of operating and providing our website, we transfer your data to the following processors which process the data on our behalf strictly subject to our instructions and bound by contract:

  • Host Europe GmbH, Hansestrasse 111, 51149 Cologne, Germany,
  • mabu:design, Maik Burdina, Südliche Ringstraße 239, 63225 Langen, Germany.

2.2. Consent management via Borlabs Cookie consent management platform

Purposes and scope of the processing/legal bases:

Insofar as we use technically necessary cookies and similar technologies in the context of integrating the service, the legal basis for this is section 25 (2) no. 2 of the German Telecommunications Telemedia Data Protection Act (Telekommunikation-Telemedien-Datenschutz-Gesetz, „TTDSG“). The subsequent processing by Borlabs Cookie is carried out on the basis of Article 6(1) sentence 1 (f) GDPR for the purpose and in the pursuit of our legitimate interest in being able to use cookies and similar technologies on our website in a manner consistent with the requirements of data protection law and enabling you to easily and conveniently withdraw your consent.

When you configure settings via our consent banner, we process the following data:

  • the lifetime of the Borlabs Cookie cookie;
  • the version of the Borlabs Cookie cookie;
  • the address of the website from which your consent was sent;
  • the date and time of consent;
  • a pseudonym known as a randomly generated unique identifier (UID);
  • your consent status, which serves as proof of your consent.

This data is logged on our servers and stored on your terminal device in the Borlabs Cookie cookie.

This is how our website is able to check your consent status on all subsequent and future visits and how cookies and other technologies are enabled or disabled when you return to the page based on your decision to use them.

Verification takes place by matching the key and consent status from the Borlabs Cookie cookie on your terminal device with the values provided to us when you gave your consent, to ensure that the status of the consent you originally gave has not changed.

Storage time/criteria for determining storage time:

Your pseudonym (UID) and your consent status are also stored in both the browser of your terminal device in the Borlabs Cookie cookie and on our servers for a period of one year.

2.3. Cookies and similar technologies

Purposes and scope of the processing/legal bases:

Where necessary, this website uses cookies and similar technologies to store data in the browser of your terminal device and to read data that has already been stored. Cookies, your browser’s local storage, pixels and tags may be used for this purpose.

These are used for technical purposes in order to provide the content necessary for the website (essential); to store and manage any of the website visitor’s optional settings and security settings (functional and security); to track the visitor’s interactions through statistical analysis for optimising the design of the website (statistics); and to analyse and control the effectiveness of targeted advertising (marketing).

Cookies are small text files that can be stored on your terminal device and read.

There are different types of cookies, such as session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session for a certain period of time.

In addition to cookies, way may also use your browser’s local storage to store and read data there.

We may also incorporate pixels into our website. Pixels are small individualised image files that are loaded when a page loads and can be used to track user activity.

Finally, we may use tags (markers) on our website. Tags are small HTML or Java Script code fragments or markers which allow website analysis or user tracking services to distinguish or identify users and track specific user activities.

Detailed information on the cookies and similar technologies we use in the categories „essential“, „functional and security“, „statistics“ and „marketing“, in particular on the name, purpose description, domain name, provider, expiry of validity of the cookie or technology and, where applicable, information on transfers to third countries, is available on our consent management platform via the following link: Click here.

The legal basis for the use of technically necessary cookies and similar technologies in the „essential“ category is section 25 (2) no. 2 TTDSG. Subsequent data processing is based on our legitimate interests pursuant to Article 6(1) sentence 1 (f) GDPR.

The legal basis for the use of optional cookies and similar technologies in the categories „functional and security“, „statistics“ and „marketing“ is section 25 (1) TTDSG. Subsequent data processing is based on your consent given pursuant to Article 6(1) sentence 1 (a) GDPR.

Your consent is given voluntarily and may be withdrawn at any time via the following link: Click here provided at the bottom of each page. Your consent is generally valid for one year. It is stored in a cookie on your terminal device and will be requested again after that cookie is deleted, after your consent is withdrawn or after expiry of one year.

Please note that without certain cookies and similar technologies, our website may not display properly and some functions may no longer be available.

Data processing in third countries:

Cookies and similar technologies may also be used to process your data in countries outside the European Union (EU) and the European Economic Area (EEA) in third countries which do not offer an appropriate level of data protection. If your data is transferred to third countries, in particular to the USA, there is a risk that authorities there may access your data for security and surveillance purposes without you being informed or having the right to appeal.

Therefore, when transferring data to third countries, we take measures to ensure an appropriate level of data protection in accordance with Article 44 et seq. GDPR. In particular, standard contractual clauses adopted by the European Commission pursuant to Article 46(2)(c), (5) sentence 2 GDPR are agreed and other technical measures put in place. In future, the clauses will be replaced by standard data protection clauses adopted by the European Commission pursuant to Article 46(2)(c), GDPR.

Detailed information on transfers to third countries associated with the use of cookies and similar technologies is available on our consent management platform via the following link: Click here.

Recipients/categories of recipients:

Detailed information on the recipients/providers of the cookies and similar technologies is available on our consent management platform via the following link: Click here.

Storage time/criteria for determining storage time:

By integrating cookies and similar technologies on our website, data is stored on your terminal device, transferred to the specified recipients if necessary, and stored there for as long as this is required to achieve the specified purposes.

Detailed information on the storage time for cookies and similar technologies and the data processed using them is available on our consent management platform via the following link: Click here.

3.  Enquiries and contact by post, telephone, fax and e-mail

Purposes and scope of the processing/legal bases:

If you contact us directly by post, telephone, fax or e-mail, we process personal data that you provide to us as well as data associated with your selected mode of communication (e.g., name, address, e-mail address or fax, telephone number) for purposes of responding to your enquiry.

The legal basis for the processing is Article 6(1) sentence 1 (b) GDPR if processing is necessary for the performance of a contract or in order to take steps prior to entering into a contract. In the case of employees of prospective clients, suppliers and business partners, the legal basis is Article 6(1) sentence 1 (f) GDPR.

We and you have a mutual (legitimate) interest in the processing of such data so that we can respond to your enquiries, resolve any problems that may exist, provide the requested information, etc., and thus maintain and promote your satisfaction as a (potential) client.

You are free to decide what other optional information or any special category of personal data you wish to provide to us.

The legal basis for the processing is your consent given pursuant to Article 6(1) sentence 1 (a) GDPR.

Your consent is voluntary and may be withdrawn at any time with effect for the future. Please use the controller’s contact details specified for this purpose.

Storage time/criteria for determining storage time:

We process your data for as long as this is necessary to achieve the aforementioned purpose. Thereafter, we will delete your data unless processing, including in other systems where applicable, remains lawful on another legal basis or is obligatory for us (e.g., where statutory retention requirements exist).

4.  Data processing in the case of prospective clients, suppliers and business partners

4.1. General processing of business partners‘ data

Controller:

Where applicable, instead of the controller cited in section 1 above, the respective company which you contact, in whose products and services you or your company are interested, or with which you or your company already have or plan to enter into a business relationship, will be the controller responsible for collecting and processing your data as a client, business partner, supplier or prospective client or contact person for a business partner, supplier or prospective client. Please contact that company at its stated address.

Purposes and scope of the processing/legal bases:

In the context of the business relationship with you as our clients, business partners, suppliers and prospective clients, we process personal data such as name, address, e-mail address, telephone/fax number, tax ID, client number, bank account details and, where applicable, place of birth, date of birth, nationality if you have provided us with this data voluntarily, and creditworthiness data. The processing is carried out for the purposes of verifying identity, initiating, performing, managing and settling contracts, assessing creditworthiness and collateral and, in particular, preparing billing statements and credit notes or refunds, managing and enforcing claims, legal compliance, data security and in the interest of providing full customer service.

The legal basis for the processing is Article 6(1) sentence 1 (b) GDPR or, in the case of employees of prospective clients, suppliers and business partners, Article 6(1) sentence 1 (f) GDPR and Article 6(1) sentence 1 (c) GDPR.

Recipients/categories of recipients:

Your data will generally only be disclosed to third parties if you have expressly consented to the transfer in advance or we are obligated to do so by law.

The legal basis for the processing is Article 6(1) sentence 1 (a) GDPR where consent has been given or Article 6(1) sentence 1 (c) GDPR where processing is necessary for compliance with a legal obligation.

Within DIC Group[1] companies, your data will be disclosed to other entities for purposes including performing or initiating the business relationship.

The legal basis for the processing is Article 6(1) sentence 1 (f) GDPR.

The legitimate interest is to enable the other entities to perform or initiate contractual relations with you or your company.

In exceptional cases, data will be processed by processors on our behalf. These are carefully selected in each case and are also audited by us and bound by contract.

Storage time/criteria for determining storage time:

We store the data required in any given case for the duration of the business relationship with you and until expiry of the applicable limitation periods and any claims and statutory retention obligations arising therefrom.

4.2. Processing of contact persons‘ data

Purposes and scope of the processing/legal bases:

We process the contact data of contact persons at clients, prospective clients, suppliers and other business partners to enable communication by e-mail, telephone, fax and post. The legal basis for the processing is Article 6(1) sentence 1 (b) and (f) GDPR.

In this respect, we have a legitimate interest in maintaining existing or initiating new business relationships with clients, prospective clients, suppliers and other business partners and in maintaining personal contact with contact persons in the process.

Recipients/categories of recipients:

Your data will only be disclosed to third parties if you have expressly consented to the transfer in advance or we are obligated to do so by law.

The legal basis for the processing is Article 6(1) sentence 1 (a) GDPR where consent has been given or Article 6(1) sentence 1 (c) GDPR where processing is necessary for compliance with a legal obligation.

Within DIC Group companies, your data will be disclosed to other entities for purposes including performing or initiating the business relationship.

The legal basis for the processing is Article 6(1) sentence 1 (f) GDPR.

The legitimate interest is to enable the other entities to perform or initiate contractual relations with you or your company.

In exceptional cases, data will be processed by processors on our behalf. These are carefully selected in each case and are also audited by us and bound by contract.

Storage time/criteria for determining storage time:

Personal data will be stored for the purpose of performing business relationships for as long as a legitimate interest therein exists.

4.3. Data processing for marketing purposes

Purposes and scope of the processing/legal bases:

DIC Group companies use personal data for marketing purposes, in particular for advertising by e-mail, telephone and post. The purpose of data processing in connection with marketing activities is to inform data subjects about the products and services offered by the DIC Group.

The legal basis for sending advertising material by post is Article 6(1) sentence 1 (f) GDPR. In this respect, we have a legitimate interest in sending (prospective) clients information about products and services.

The legal basis for e-mail and telephone marketing activities is generally Article 6(1) sentence 1 (a) GDPR and a separate declaration of consent given by you. Specific provisions may additionally apply in the case of marketing activities aimed at existing clients.

You may object to the receipt of advertising material at any time with effect for the future or withdraw any consent given by sending a message to that effect to ir@dic-asset.de or info@dic-onsite.de.

Recipients/categories of recipients:

No data is disclosed to third parties outside DIC Asset AG or the DIC Group.

Whenever external processors are used to send advertising material, they are bound by contract and audited to ensure that appropriate organisational and technical security measures are in place.

Within DIC Group companies, your data may be disclosed to other entities for marketing purposes.

The legal basis for the processing is Article 6(1) sentence 1 (f) GDPR.

The legitimate interest is to enable the other entities to perform or initiate contractual relations with you or your company.

Storage time/criteria for determining storage time:

If you object to the receipt of advertising material, your data will be blocked immediately and then deleted, unless it is also stored for other purposes.

5.  Data processing on our social media sites

Joint controllers:

Where applicable, instead of the controller cited in section 1 above, the respective company specified in the legal information section on our respective social media site is the controller responsible for collecting and processing your data on our social media sites. Please contact that company at its stated address.

Social media sites may, for example, be operated on the following platforms:

The information on data processing on our social media sites also applies to other sites on other platforms, insofar as they are linked to this Privacy Policy.

In addition to the company specified in the legal information section on our respective social media site, the operator of the respective social media platform also acts as controller responsible for processing your personal data (joint controllers).

Insofar as we are able to influence this and parameterise the data processing, we work within the scope of our available options to ensure that the operator of the social media platform handles the data in a manner consistent with the requirements of data protection law. In this context, please also refer to the privacy policies of the respective social media platform.

Purposes and scope of the processing by us/legal bases:

Any data that you enter or post on our social media sites, such as user names, comments, videos, images, likes, public messages, etc., is published by the social media platform and is at no time processed by us for other purposes. We merely reserve the right to delete content should this be necessary. In some cases, we share your content on our site if this is a feature of the social media platform and we communicate with you via the social media platform.

If you send us an enquiry via the social media platform, depending on the content, we may also refer you to other more secure communication channels that guarantee confidentiality. For example, you can always send your enquires to us using the contact addresses specified in the legal information section on our respective social media site. In this respect, you are responsible for choosing the appropriate communication channel.

The legal basis for processing your data is Article 6(1) sentence 1 (f) GDPR. We have a legitimate interest in processing the data for our corporate public relations purposes and being able to communicate with you.

Some social media platforms generate statistics based on usage data and contain information about your interaction with our social media site. We cannot influence or prevent such statistics from being generated and made available. However, we do not utilise optional statistics from the social media platform.

We process this information on the basis of Article 6(1) sentence 1 (f) GDPR and our legitimate interest in validating the use of our social media sites and better tailoring our content to the respective target audience.

We also occasionally use those social media platforms to display targeted ads.

For this purpose, we use target group definitions made available to us by the social media provider. We only use anonymous target group definitions, defining attributes based for example on general demographics, behaviour, interests and connections. The social media platform operator uses these to display ads targeted to its users.

The legal basis for this is the consent given to the social media platform operator by its users. Should you wish to withdraw your consent, please avail yourself of the options furnished for this purpose by the provider of the social media platform, as the social media platform operator is the controller responsible for the processing in this case.

Occasionally, we or the provider of the social media platform also use publicly available data for the purposes of defining target groups. The legal basis for the processing in that case is Article 6(1) sentence 1 (f) GDPR. In this respect, we have a legitimate interest in defining a target group as accurately as possible. Under no circumstances do we ever use sensitive categories of personal data (as referred to in Articles 9 and 10 GDPR) for the purposes of defining target groups.

We do not use any target group definitions based on location data. We do not disclose any personal data to the social media platform operator in the context of defining target groups.

Occasionally, we also use information about visits to or interaction with other sites (remarketing) to define target groups. We also use cookies for this purpose, among other things. However, in such cases we use a consent banner on those other sites to first obtain the user’s consent and then provide information about the data processing. You may withdraw that consent at any time by re-selecting the consent banner (consent management platform) for the relevant website.

If you wish to object to a particular data processing operation over which we have control, please use the contact details provided in the legal information section on our respective social media site.

Storage time/criteria for determining storage time:

We delete your personal data when the data is no longer required for the aforementioned purposes of processing and no statutory retention requirements exist that would prevent us from so doing.

Data processing by the social media platform operator:

The social media platform operator employs web tracking technologies. Web tracking may take place regardless of whether you are logged in to or registered with the social media platform.

Therefore, please be advised that the provider of the social media platform may use your profile and browsing data to analyse your habits, personal relationships, preferences, etc. We have no influence on the processing of your data by the social media platform provider in this respect. Therefore, use of the social media platform is at your own risk.

For more detailed information on data processing by the social media platform provider, configuration options to protect your privacy, further opt-out options and any data processing agreement entered into pursuant to Article 26 GDPR, see the privacy policies of the specified providers:

Insofar as the aforementioned privacy policies are also linked on other social media sites on other platforms, see the privacy policy of the respective provider for more detailed information on data processing by the social media platform provider, configuration options to protect your privacy, further opt-out options and any data processing agreement entered into pursuant to Article 26 GDPR.

6.  Voluntary provision of your data

You are under no contractual or legal obligation to provide your personal data.

However, in certain cases this is necessary to allow us to respond to your enquiry or so that you can use or access the services we offer.

If you do not provide your personal data, we may not be able to respond to your enquiry, you may not be able to use the services offered, or we may not be able to process your application.

Excepted herefrom are, of course, those data processing operations that are based solely on your consent, which is always freely given. You may withdraw any consent you have given at any time with effect for the future.

7.  Your rights

You have certain rights under the GDPR with respect to the processing of your personal data:

7.1. Right of access (Article 15 GDPR)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to obtain information about such personal data and to the specific information set out Article 15 GDPR.

7.2. Right to rectification (Article 16 GDPR)

You have the right to have any inaccurate personal data be corrected without undue delay and to have any incomplete personal data completed.

7.3. Right to erasure (Article 17 GDPR)

You also have the right to have your personal data erased without undue delay where one of the grounds set out in Article 17 GDPR applies, e.g., where the personal data is no longer required for the purposes for which it was collected or processed.

7.4. Right to restriction of processing (Article 18 GDPR)

You have the right to have processing restricted where one of prerequisites set out in Article 18 GDPR applies, e.g., where you have objected to the processing pursuant to Article 21 GDPR or pending verification of whether our legitimate interests override your interests as the data subject.

7.5. Right to data portability (Article 20 GDPR)

In certain cases specified in detail in Article 20 GDPR, you have the right to receive your personal data in a structured, commonly used and machine-readable format and to have that data transferred to a third party.

7.6. Right to object (Article 21 GDPR)

Where data is collected on the basis of Article 6(1) sentence 1 (f) GDPR (processing necessary for legitimate interests), you have the right to object to the data processing at any time on grounds relating to your particular situation. In such case, we will no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

7.7. Right of withdrawal (Article 7(3) sentence 1 GDPR)

If your personal data is processed on the basis of consent given pursuant to Article 6(1) sentence 1 (a) GDPR, you have the right to withdraw your consent pursuant to Article 7(3) sentence 1 GDPR. You may withdraw your consent at any time with effect for the future.

7.8. Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Under Article 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes data protection law. The right to lodge a complaint with a supervisory authority may be exercised in particular in the member state of your habitual residence, place of work or place of the alleged infringement.

The competent supervisory authority for us is the Commissioner for Data Protection and Freedom of Information of Hesse, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany.

8.  Contact details of the data protection officer

Our company data protection officer will be happy to provide you with information or suggestions on the subject of data protection and may be contacted at:

datenschutz süd GmbH
Subject: „DIC Asset AG“
Wörthstraße 15
97082 Würzburg, Germany

E-mail: office@datenschutz-sued.de
Telephone: +49 (0)931 304 976 0
Web: www.datenschutz-nord-gruppe.de

9.  Amendment of this Privacy Policy

This Privacy Policy was last updated on 19.01.2023.