Contact us monday to friday from 9a.m. to 5p.m. +49 351/47791-0

Data Protection

The task of safeguarding your privacy is extremely important to us. Therefore, we follow the statutory regulations of European and German data protection law in relation to all data protection activities (e.g. collecting, processing, and transferring data).

Table of contents

1. General information

DUALIS GmbH IT Solution takes the protection of your personal data very seriously. Hence, we handle your personal data as confidential information and in compliance with the statutory data protection regulations and this Data Protection Declaration.

This policy applies to the processing of personal data in connection with your visit to our websites and to other data processing in companies belonging to the Dürr Group. You can find a list of the companies in the Dürr Group in the annex.

Data protection information concerns personal data from the prospective customers, customers and business partners of our company who are natural persons and all other natural persons who are in contact with us, for example representatives or employees of legal entities, as well as visitors to our website and, for example, persons who may be interested in registering to receive our newsletter.

A variety of personal data is collected when you use our website or contact our company. Personal data comprises any data by which you could be personally identified. This Privacy Policy explains what information we collect and what we use it for. It also explains how and for what purpose this is done.

1.1 For what purpose are my data processed?

We use the personal data you supply to answer your inquiries, provide services, process your orders, and develop and manage our business relationship with you, your company, or your employer. You can find details in sections 2-4.

1.2 How and for what purpose are my data disclosed to third parties?

We only disclose or otherwise transfer your personal data to third parties if this is necessary for the purposes of establishing a contractual relationship, entering into or implementing a contract, invoicing, collecting charges (for example, shipping companies or payment service providers), asserting our claims or in the course of the (partial) sale of our company.

In addition, we are authorized by order of the competent public authority in each specific case to provide information about data to the extent that this is necessary for the purposes of criminal prosecution, for the prevention of danger by the police authorities of the federal states, in performance of the statutory tasks imposed by the federal and state constitutional protection authorities, the Federal Intelligence Service (Bundesnachrichtendienst), or the Military Counterintelligence Service (Militärischer Abschirmdienst), or for the enforcement of intellectual property rights.

In these cases, the legal basis is Art. 6(1)(f) GDPR, where our legitimate interest is identical with the purposes described or where you are our contractual partner and are not entering into the contract on behalf of a company, Art. 6(1)(b) GDPR.

We can also disclose or transfer your data to third parties if you have given your explicit consent to this. The legal basis in this case is Art. 6(1)(a) GDPR.

The recipients of the data are also service providers that we use for the purposes of our business (in particular, IT service providers, web hosting companies, marketing firms, advertising agencies, legal advisers).

1.3 The rights of data subjects

If your personal data are processed, you are a data subject as defined by the GDPR and you have the following rights in relation to the data controller:

a) Access, rectification, restriction of processing, and erasure

You have the right, at any time and free of charge, to access your personal data stored by us and to obtain information about the source and recipients of the data and the purpose of the data processing via our websites. Furthermore, you have the right to the rectification, erasure, and restriction of processing of your personal data, provided that the statutory requirements for this are met.

b) Right to data portability

You have the right to receive your personal data, which you have provided to us as the data controller, in a structured, commonly used, and machine-readable format. We can fulfill this right by providing an export of your personal data that we have processed.

c) Right to information

If you have exercised your right to have the data controller rectify, erase, or restrict data processing, the controller is obliged to inform all the recipients of your personal data of the rectification, erasure, or restriction of processing unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the controller about these recipients.

d) Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of the personal data concerning you, that may be processed in accordance with Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

If you object, the controller will no longer process your personal data unless the controller has compelling, legitimate reasons for processing that override your interests, rights, and freedoms, or unless the processing serves to assert, exercise, or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of this marketing; this also applies to profiling, to the extent that it is associated with this direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the option to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications, notwithstanding the provisions of Directive 2002/58/EC.

e) Withdrawal of declarations of consent under data protection law

In addition, you may withdraw your consent at any time, with future effect, by contacting us using the contact details given below. For information about withdrawing your consent in connection with our use of cookies and similar technologies, please see section 2.3 e).

f) Profiling Automated decision-making in individual cases, including profiling

In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) is necessary for entering into or performance of a contract between you and the data controller

(2) is authorized by European Union or Member State law that the controller is subject to and that also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests or

(3) is based on your explicit consent

However, these decisions must not be based on special categories of personal data according to Art. 9(1) GDPR unless Art. 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to safeguard your rights, freedoms, and legitimate interests.

In the cases referred to in (1) and (3), the controller must take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view, and to contest the decision.

g) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you are resident or working or where the alleged infringement occurred, if you believe that the processing of personal data concerning you infringes the GDPR.

The supervisory authority where the complaint has been lodged will inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

1.4 What security measures have we taken to protect your data?

We have adopted a large number of security measures to provide adequate and appropriate protection for personal data.

Our databases are protected by physical and technical measures as well as procedural measures that restrict access to information to specifically authorized people in accordance with this privacy policy.

Our information system is protected by a software firewall in order to prevent access from other networks connected to the Internet. Only employees who need the information to perform a certain task receive access to personal information. Our employees are trained in security and data protection practices.

When collecting and transferring data via our websites, we use standardized SSL encryption technology. In the order process, personal data are protected by SSL encryption, identifiable by the padlock icon and the prefix “https://” in the address bar.

If a password is necessary for access to our websites, you should never disclose it to third parties and you should change it regularly. In addition, when accessing our websites you should not use the same password that you also use on other websites with password-protected access (email account, online banking, etc.). When you have left our pages, you should log out and close your browser to prevent unauthorized users from accessing your user account.

If you communicate with us by email, we cannot guarantee full data security.

1.5 Transfer to third countries

If the recipients of your data and their service providers are based outside the European Economic Area (EEA) or process your data outside the EEA, we will ensure that your personal data are adequately protected (e.g. by means of an adequacy decision).

The data protection regulations that apply in countries outside the EEA may be different from those in the country where you are resident. Under certain circumstances, the national law may provide less protection than that of the country where you are resident (e.g. because national regulations allow investigative bodies more far-reaching rights of access to personal data).

WPlease note that the USA is a third country that does not provide adequate data protection. This means that the level of data protection in the USA is not comparable with that of the EU. If data are transferred to the USA, there is the risk that the US authorities will access the data via monitoring programs based on Section 702 of the Foreign Intelligence Surveillance Act, Executive Order 12333 or Presidential Police Directive 28, without EU citizens having effective legal protection against accesses of this kind.

If your personal data are transferred to third countries that do not provide adequate data protection, we will take measures to ensure that your personal data have appropriate protection in these countries (e.g. among other things by using the standard contractual clauses of the EU Commission, if necessary with additional protective measures). We can provide information about the protection mechanism via the contact details given in the first subsection of sections 2 ff.

1.6 Amendments to this privacy policy

The date of this privacy policy is given directly under the heading. We reserve the right to amend this privacy policy as required and without prior notification. You should therefore visit this page on a regular basis to find out about any amendments to this privacy policy.

2. Detailed information about visiting our websites

Below you can find out what we do with your data when you visit our websites. This section 2 applies in addition to the general information in section 1. If you cannot find the necessary information in this section 2, please refer to section 1 (e.g. concerning the rights of the data subject). If there is a conflict between section 2 and section 1, the information in section 2 takes precedence over section 1.

2.1 Who is the data controller with responsibility for processing data?

The data controller for our websites is:

DUALIS GmbH IT Solution
Breitscheidstraße 32
01237 Dresden
Deutschland

Telephon +49 (0) 351-47791-0
Fax: +49 (0) 351-47791-99

kontakt(at)dualis-it.de

You can contact our data protection officer at:  datenschutz(at)dualis-it.de.

You can also contact our data protection officer under the following address:

DUALIS GmbH IT Solution
Attn. Data Protection Officer
Breitscheidstraße 32
01237 Dresden
Germany

2.2 data are collected and stored during the use of our websites?

a) Accessing the website

When you use our websites, the following data are collected by our web hosting company. The data are stored exclusively for internal system-related and statistical purposes and are referred to as usage data:

  • Information on the type and version of the browser used
  • The IP address of the user
  • Date and time of access
  • Websites accessed by the user’s system via our website

The data are also stored in log files on our systems. These data are not stored with other personal data belonging to the user.

WordPress

We use the platform and services of WordPress.org for the visual presentation. General information on data protection at WordPress.org can be found at .
Our legitimate interest in using WordPress.org is to ensure that the website has a consistent look and feel and thus works on all devices. The legal basis for the processing is therefore Art. 6 (1) (f) GDPR.

b) Contact options / Online forms / online registration for events

For certain functions of our websites (e.g. HR inquiries/service inquiries/press contacts), you have the option of contacting us via the email addresses provided and via a contact form. In this case, the personal data of the user submitted via the contact form or in the email will be stored.

For the contact form and the transmission of data by e-mail, we use a WordPress plugin on this website. The plugin stores the form entries and thus personal data on the website server and sends the completed contact form fields to us by e-mail. If you send us inquiries using the contact form, your details from the inquiry form, including the contact details you provided there, will be stored in Salesforce for the purpose of processing the request and in case of follow-up questions.

Salesforce

Salesforce is a software from salesforce.com Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (“Salesforce”) and is an application for automated lead management, marketing automation and sales support in the B2B business customer environment. Salesforce generally stores personal data in the United States. Salesforce has issued binding corporate rules for this purpose (available at:
https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf), which ensure that the data is transferred securely.

We use your data only to process your request and may contact you for this purpose using the contact details provided. This is also our legitimate interest in processing the data. This data will only be used for advertising purposes or passed on to third parties if you have explicitly consented to this use.

The legal basis for the processing of the data transmitted in the course of establishing contact is Art. 6 (1) sentence 1 point f GDPR. If the purpose of establishing contact is to conclude a contract with you personally, the additional legal basis for the processing is Art. 6 (1) sentence 1 point b GDPR.

Alternatively, you can contact us via the email address provided. In this case, the user’s personal data transmitted by email will be stored. The data will be used exclusively for the purpose of processing the conversation. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) point f GDPR. If the e-mail contact aims at concluding a contract, the additional legal basis for the processing is Art. 6 (1) point b GDPR.

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. For the personal data that you have provided to us for the purpose of establishing contact, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

Right to object

In section 1.3 we explain your right to object to the processing of your data on the basis of Art. 6(1)(f) GDPR.

2.3 Cookies

We use cookies on our websites. Cookies are small amounts of data in the form of text information that the web server sends to your browser. These cookies are only stored on your hard disk. Cookies can be read only by the server that previously placed them on your device. Cookies do not store any personal information, such as your name. The data stored in the cookies are not linked to your personal data (name, address, etc.).

a) Transient and persistent cookies

Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. They store a session ID, which is used to assign different requests from your browser to the joint session. This enables our website to recognize your computer next time you visit. The session cookies are deleted when you log out or close the browser.

We use transient cookies to make our website more user-friendly. Some elements of our website require the calling browser to be identified even after a page change. The following data, for example, are stored and transferred in the cookies:

  • Browser settings regarding cookies (whether they are activated or not)
  • Language settings of the user
  • Login information

We also use persistent cookies on our website that enable us to analyze users’ browsing behavior. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. This allows us to record and analyze the click behavior of users on our websites (the data recorded include, for example, browser data, click frequency, click-through rate, etc.).

The data collected via persistent cookies are pseudonymized using technical measures, which means that it is no longer possible to associate the data with the user. The relevant data are not stored together with other personal data belonging to the users.

b) Legal basis for the use of cookies

The purpose of using necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.

You have no right of objection to necessary cookies, as they are essential for us to be able to show you our website and its contents, and to make the functionality of the website available to you.

The user data collected by necessary cookies are not used to create user profiles.

Technologies for increasing the functionality and for analytical and marketing purposes are used to improve the quality of our website and its content. The analysis cookies enable us to learn how the website is used and to continuously optimize our offering. Processing, in particular on your device, that is based on cookies or other identifiers (e.g. browser fingerprints, pixels, local storage) (referred to as “cookies”) and is not technically required for the function of our websites, will be carried out by us only with your consent, which you can grant via our cookie banner when visiting our websites for the first time. The legal basis for this cookie-based processing is Art. 6(1)(a) GDPR in conjunction with section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). Cookies that are not required for the functioning of our websites will not be stored until you have given your consent.

c) Withdrawal of consent given for the use of cookies

You can withdraw your consent for the collection of data by cookies at any time. You must follow these steps to do so:

  • Open the settings for cookies on our websites via the link “Privacy Settings” in the lower right-hand corner of our website. On mobile devices you will find the link at the bottom of the page.
  • In the next window that opens, you have the option to revoke the data processing for individual categories of cookies and similar technologies (e.g. data storage in the local storage)
  • Under the link Cookie settings you will find a detailed view of the cookies used

You can also delete cookies at any time or adjust your browser’s corresponding cookie settings. For more information about how you can delete and/or manage cookies using your browser’s settings, please see your browser’s help pages. Data can also be removed from local storage by emptying your browser’s local storage

d) Processing of the data collected by us and third-party providers via analytical cookies

We use the analytical tool Google Analytics for the statistical and analytical evaluation of certain data. In principle, this involves the service recording the collected data in pseudonymized form and using them solely for statistical purposes.

We process the data collected by the analytical tool solely on the basis of your prior consent and in order to constantly improve the services and offers provided on our website and keep them available for our customers.

e) List of the cookies used

Below is a list of the individual cookies used on our websites. We make every effort to keep this table up to date. However, please note that third-party cookies can be changed without our knowledge and that there may therefore be individual differences from the table below.

Name des CookiesArt des CookiesName der AnwendungZweck des CookiesSpeicherdauer
kmconsent-cookie_1Technically requiredKM Consent CookieSaves the user’s settings from the consent tool (data protection settings)1 year
Consent-youtube, Consent-maps-google, Consent-kununuFunctionality & external mediaYoutube, map services,
kununu
Part of the two-click solution for the GDPR-compliant use of plugins; used for the recording and recognition of those users who have given their consent to the transfer of data via the plugin concerned.Up to 1 year
_pk_id.<websiteID>.<domainHash>AnalisisPiwik PROThis cookie matches all activities of one user with a specific user ID. The ID is randomly generated during a user’s first visit to our website and does not allow us to identify the individual.13 month
_pk_ses.<websiteID>.<domainHash>AnalisisPiwik PROThis cookie indicates an active session of the visitor.30 minutes
stg_last_interactionAnalisisPiwik PROIndicates whether the user’s last session is still current or a new session has been startet1 year
stg_returning_visitorAnalisisPiwik PROIndicates whether the user is already visiting the website in which case he is a “returning visitor”1 year
IDEMarketingGoogleAdsContains a randomly generated user ID. Using this ID, Google can recognize the user on different websites across different domains and display personalized ads.1 year
test_cookieMarketingGoogleAdsContains a randomly generated user ID. Using this ID, Google can recognize the user on different websites across different domains and display personalized ads.15 minutes
_gcl_awMarketingGoogleAdsThis cookie is set when a user accesses the website by clicking a Google advertisement. It contains information about which advertisement was clicked, enabling successes such as orders or contact requests to be assigned to the advertisement.90 days
_gcl_auMarketingGoogleAdsGoogle AdSense uses this cookie to adjust the advertising efficiency on websites that use its services (the cookie contains a randomly generated user ID).3 month
NIDMarketingGoogleAdsUsed to adapt advertising to Google searches. The cookie includes a unique ID that enables Google to collect users’ personal settings for advertising purposes.6 month
1P_JARMarketingGoogleAdsThis cookie collects statistics on website use and measures conversions. The cookie is also used to display relevant ads to users.30 days
OTZMarketingGoogleAdsUsed to support Google’s advertising services.1 month
DVMarketingGoogleAdsUsed to support Google’s advertising services.1 day
_gcl_gsMarketingGoogleAdsThis cookie is set when a user clicks on a Google ad to access the website. It contains information about which ad was clicked, so that achieved successes, such as orders or contact requests, can be attributed to the ad.90 days
MUIDMarketingMicrosoft AdvertisingWidely used by Microsoft as a unique user ID. The cookie allows for user tracking by synchronizing the ID in several Microsoft domains.390 days
_EDGE_SMarketingMicrosoft AdvertisingCollects information about user behavior on several websites. This information is used on the website to optimize the relevance of the advertising.Session
_clckMarketingMicrosoft AdvertisingCollects data about the navigation and the behavior of the user on the website. This data is used to create statistical reports and heat maps for the website operator.
1 year
_uetvidMarketingMicrosoft AdvertisingUsed to track users on several websites in order to display relevant advertising based on the user’s preferences.390 days
_uetsidMarketingMicrosoft AdvertisingCollects data about user behavior on several websites in order to display more relevant advertising. This also allows the website to limit the number of times the same ad is displayed.1 day
_clskMarketingMicrosoft AdvertisingRecords statistical data about the behavior of the visitor on the website.1 day
ANONCHKMarketingMicrosoft AdvertisingUsed to store the session ID of users and to check the clicks on ads in the Bing search engine. The cookie also helps with reporting and personalization.10 minutes
arMarketingMicrosoft AdvertisingMicrosoft Advertising sets this cookie to store information about how visitors interact with the website. The number of visitors, the location where they visit the website and the pages visited are recorded.1 year
MRMarketingMicrosoft AdvertisingUsed to collect user information for analysis purposes.7 Tage
MSPTCMarketingMicrosoft AdvertisingRegisters visitors data. The information is used to optimize the relevance od advertising.1 year
SMMarketingMicrosoft AdvertisingMicrosoft Advertising sets this cookie to synchronize the MUID between Microsoft domains.Session
SRM_BMarketingMicrosoft AdvertisingUsed by Microsoft Advertising as a unique ID for visitors.390 days

e) Google Tag Manager

We use Tag Manager for website tracking, delivering advertising, and displaying elements of the website of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ireland Ltd. is a subsidiary of Google LLC with headquarters in the USA. Any Google service may transfer your data that has been collected by Google (e.g. your IP address) to the USA (for more information on third-country transfers, please refer to section 1.5). The transfer takes place on the basis of the standard contractual clauses of the EU Commission.

Google Tag Manager makes it easier for us to integrate and manage our cookies and Google tools. Google Tag Manager is also an assistant that processes even personal data only for technically necessary purposes. However, the other components uploaded by Google Tag Manager will, if necessary, process other data for other purposes that Google can combine with other data. You can find further information about Google Tag Manager in the Google privacy policy at https://policies.google.com/privacy?hl=en-US. You can find further information about Google Tag Manager at: https://www.google.com/intl/de/tagmanager/use-policy.html.

The legal basis for the related processing of data is your consent, Art. 6(1)(a) GDPR. Without your consent, we will use Google Tag Manager only for the correct display of elements of our websites (but not for tracking and advertising).

Withdrawal of consent

You can withdraw your consent to the processing of your data by the services and networks integrated via the plugins at any time with future effect if you follow the instructions in section 2.3 e).

You can also prevent the data relating to your use of the website (including your IP address) from being collected and transferred to Google and prevent Google from processing these data by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

2.4 Plugins for social media and map services

We have a presence on social media. For more information, please refer to section 3 of our privacy policy.

Here you will find information about how we integrate features and tools from social media channels and map services into our websites:

All the buttons for social networks and map services are integrated into our websites via placeholders. The buttons are only loaded when you click on the “Agreed” button in the respective placeholder. Only then will a connection be made to the servers of the relevant third-party provider and the information about your visit to our websites transferred. Before this, a text field will appear containing further information about the details of the possible transfer of data to third-party providers, with reference being made to this part of our privacy policy.

Your usage data will be transferred only when you are logged into your account on the social network or service concerned (e.g. Google account – Google Maps). By clicking on the placeholder of the button, you consent to the processing of the data as described in this section of our privacy policy.

In this case, the legal basis for the processing of your data is the consent you have given by clicking on the button, in accordance with Art. 6(1)(a) GDPR. Your consent to the transmission of data is documented in a cookie stored on your device.

Withdrawal of consent

You can withdraw your consent to the processing of your data by the services and networks integrated via the plugins at any time with future effect if you follow the instructions in section 2.3 c).

We use plugins from the following providers:

a)     YouTube (Google)

We have integrated videos and a social stream on our websites from the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”). YouTube is represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ireland Ltd. is a subsidiary of Google LLC with headquarters in the USA. Any Google service may transfer your data that has been collected by Google to the USA (for more information on third-country transfers, please refer to section 1.5). The transfer takes place on the basis of the standard contractual clauses of the EU Commission.

Details of the YouTube plugin:

The YouTube videos on our video channel are only loaded when you click on the corresponding plugin, at which point a connection will be established with Google’s servers.

To embed videos we use the enhanced privacy mode, which imposes further restrictions on the processing of data by Google. In this case, according to Google, no information about the users of our website will be stored until these users watch the embedded video. However, it is still possible that data will be forwarded to Google partners.

Once you have activated the plugin, a connection will be established to Google’s servers and Google will collect data about which of our pages you have visited. Google collects further data about your browsing behavior when you are logged into your YouTube account. To prevent your usage data from being transferred to Google, you must log out of your YouTube account before you click on the YouTube links on our website.

You can obtain further information about the purpose and extent of data collection and the further processing and use of your data by YouTube and the data storage period from YouTube’s privacy policy. This can be found on the Internet at https://www.youtube.com/account_privacy . Here you will also find, for example, information about optional settings to protect your privacy and about your additional rights relating to the collection, processing, and use of your data by YouTube, and about how to withdraw your consent. If you do not have your own YouTube account, you can find the Google privacy policy at https://policies.google.com/privacy?hl=en-US .

b) Map service Google Maps

We use a plugin of the Internet service Google Maps on our website. The operator of Google Maps is Google Ireland Limited (for details of Google, see section 2.4 a)). Once you activate the Google Maps plugin on our website, information about the use of this website and your IP address is transferred to a Google server in the USA and also stored on this server. We have no knowledge either of the exact content of the data transferred or of how the data are used by Google. In this context, the company states that it does not connect the data with information from other Google services and the collection of personal data.

By activating the plugin, you consent to the information being collected and processed by Google as described. You can find more information about the privacy policy and terms of use for Google Maps here: https://www.google.com/help/terms_maps/

2.5 Hyperlinks to social networks

We also have links on our websites to social media platforms where we have a profile. These consist of the icons of the social media platforms that have links to our pages on the relevant platforms. Social plugins (such as the Facebook “Like” button) are not integrated in these cases.

Our links to the social media services do not result in any of your data being transferred to these services. These are normal hyperlinks that generally do not involve any transfers of data. Clicking on the link will take you directly to our social media presence with the respective social media service. Data are only transferred if you are logged into your user account with the social media service in question.

By clicking on the links, you are personally responsible for the data transfer to the above-mentioned social networks because by logging into your social network account and following the link in question, you become actively involved and initiate the subsequent processing of data by the relevant social network.

Please refer to the privacy policy for our social media presence in section 3.

2.6 Analysis services

a) Piwik PRO

We use the Piwik PRO Analytics Suite analysis tool, a cloud-based web analysis service provided by Piwik PRO GmbH in Germany, for the statistical and analytical evaluation of certain data.

We process the data collected by the analysis tool solely on the basis of your prior consent, in order to continuously improve the services and offers on our website and to ensure that they remain available for our customers. The legal basis for the data processing is Art. 6(1)(a) GDPR.

Piwik PRO uses cookies (for more information on cookies, see section 2.3). The data collected includes, for example, the truncated IP address, operating system, browser ID, browsing activity and other information. You can find more information about the data collected by Piwik PRO at https://help.piwik.pro/support/privacy/what-data-does-piwik-pro-collect/.

To exclude the possibility of the IP address being linked to an individual person, we have ensured that Piwik PRO uses only IP addresses that have been truncated by two bytes. In addition, Piwik PRO is hosted on Microsoft Azure servers in Germany (for more information about Microsoft and a possible third country transfer, see section 2.2 b) and section 1.5 above). The data is deleted after 25 months.

Piwik PRO calculates metrics such as bounce rate, page views, and sessions, among others, so we can understand how our website is being used. We can also create visitor profiles using browsing history, which enables us to analyze visitor behavior, display personalized content, and run online campaigns. Piwik PRO does not transfer website visitor data to other sub-processors or to third parties and does not use the data for its own purposes. You can find more information about data protection at Piwik PRO here and in the Piwik PRO privacy policy.

You can prevent cookies from being stored by selecting the appropriate settings in your browser. However, please note that if you do so, you may not be able to use the full functionality of this website.

Withdrawal of consent

You can prevent Piwik PRO from collecting data related to your use of the website and from processing the data in the future by following the instructions in section 2.3 e) above and withdrawing your consent.

b) Use of SalesViewer® technology

We use SalesViewer® to improve our website. As part of SalesViewer® , a javascript-based tracking code is used on our website, with the help of which the following information (hereinafter company data) is determined as part of the process described in more detail here (https://www.salesviewer.com/en/platform/data-protection/):

  • Name, origin and industry of the visiting company
  • Website from which the request comes (“bounce page”)
  • Keyword on the bounce page
  • Visitor behaviour (e.g. (sub)pages visited, time of visit, duration of visit)

We use the data collected for marketing, market research and optimisation purposes. This means that only company information is collected and processed.

The application does not collect any personal user data.

Legal basis and possibility of revocation

With the technology of SalesViewer® GmbH, we collect and store data for marketing, market research and optimisation purposes on the basis of legitimate interests (Section 6 paragraph 1 lit.f GDPR)

You can object to the collection and storage of data at any time with effect for the future by clicking on this link www.salesviewer.com/opt-out to prevent the collection by SalesViewer® within this website in the future. This will place an opt-out cookie for this website on your device. If you delete your cookies in this browser, you must click this link again

2.7 Marketing services

This technology enables us to produce reports on the effectiveness of our advertising and information on website interaction and to display targeted advertising on LinkedIn (conversion tracking), without us identifying you as a website visitor. However, LinkedIn can connect your data to your LinkedIn profile if you are logged into LinkedIn when you visit our website. We process your data to evaluate events and to collect information about website visitors who may have reached us via LinkedIn. We process your data because you have consented to this in accordance with Art. 6(1)(a) GDPR and we store your data for as long as necessary for the respective purpose (event evaluation) and provided that you have not objected to the storage of your data or withdrawn your consent. If LinkedIn transfers the data to its own parent company in the USA, this transfer takes place on the basis of the standard contractual clauses of the EU Commission. For information on third-country transfers, please refer to section 1.5.

You can object to your data being processed by LinkedIn via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

Withdrawal of consent

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our websites, please follow the instructions in section 2.3 c)

a) Google Ads (Google AdWords Remarketing)

On our websites we use remarketing services from Google as an online marketing measure (for details of Google, see section 2.4 b)). This allows us to show visitors to our websites ads relating to their interests on other websites in the Google advertising network, in Google searches, and on YouTube. To do this, we analyze the interactions of visitors to our websites, e.g. the offers they were interested in, in order to be able to display targeted ads to these visitors on other websites after they have visited our websites.

Google stores cookies for this purpose on the visitors’ devices. These cookies are listed in section 2.3. The visits are recorded using these cookies. In this context, we collect the following personal data of visitors to our websites: duration of visit, IP address, pages visited, content of interest to the visitor, and website usage.

The data are processed in the European Union. However, the information about your use of our websites may be transferred to a Google server in the USA or in another country outside the EU and the EEA and stored there (namely Singapore, Taiwan, or Chile). The recipients of the data are Google LLC and Alphabet Inc., both of which belong to the Google Group. If the data are transferred to the USA, there is the risk that your data will be processed by the US authorities for control and monitoring purposes, without the possibility of you being able to seek a judicial remedy. This can be the case for different purposes, e.g. storage or processing. The transfer of data to third countries that do not provide adequate data protection is based on the standard contractual clauses of the EU Commission. For information on third-country transfers, please refer to section 1.5.

For more information, please refer to the Google privacy policy at https://policies.google.com/privacy?hl=en-US .

Withdrawal of consent

We obtain your prior consent to the processing of your data (Art. 6(1)(a) GDPR), which you can withdraw at any time with future effect by following the instructions in section 2.3 c).

b) Microsoft Advertising (formerly Bing Ads)

On our website we use the Microsoft Advertising remarketing function of Microsoft Ireland Operations Limited.

With your consent (Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG)), cookies are stored on and retrieved from your end device if you access our website via a Microsoft Advertising ad. In addition, a Universal Event Tracking tag is added to our website. This is a tool that recognizes visitors and stores some data about the use of the website in combination with the cookies. This data includes the IP address, country, language settings, screen resolution, page load time, last website visited, and time spent on the website, together with the areas of the website that were accessed and the ad that led the user to the website.

Microsoft uses the data to create pseudonymized user profiles. We divide the interests of our website visitors into segments so that we can customize our advertising activities to those interests. We are informed only about the total number of users who have clicked on a Microsoft ad and been taken to the conversion page.

Microsoft uses the data it collects to provide the Microsoft Advertising service, including, if necessary, retargeting and conversions, and for its own purposes, such as for improving its services, for reporting, and for performance analysis. Microsoft deletes your personal data after a maximum of 390 days.

You can find more information about data protection and the cookies used by Microsoft Advertising at https://privacy.microsoft.com/de-de/privacystatement; Details about the cookies can also be found in section 2.3 f).

If you do not want Microsoft to use your information as described above, you can block the cookie that is required for the collection of the data. You can do this by entering your details on opt-out lists (for example at https://youradchoices.com) or by preventing any cookies from being stored automatically via the settings in your browser. In addition, you can stop Microsoft from collecting and processing the data generated by the cookie and relating to your use of the website by objecting to this via the following link http://choice.microsoft.com/de-DE/opt-out.

Withdrawal of consent
We obtain your prior consent to the processing of your data (Art. 6(1)(a) GDPR), which you can withdraw at any time with future effect by following the instructions in section 2.3 e).

2.8 Advertising messages (e.g. email newsletters, newsletter tracking)

In order to make additional information on our offering available to you, we enable you to subscribe to newsletters on some of our websites. We obtain your consent to the processing of data for the advertising messages referred to below as part of the subscription process and we refer to this privacy policy.

The legal basis for the processing of data after you have subscribed to these services is Art. 6(1)(a) GDPR. The purpose of collecting your email address is to send you the newsletter. The collection of other personal data as part of the subscription process is intended to prevent the misuse of the services or of the email address that is used.

The data are erased as soon as they are no longer needed for the purpose they were collected for. Your email address will be stored for as long as your subscription to the information service is active.

You can cancel your subscription to the services at any time. Each newsletter contains a corresponding reference to this. This also makes it possible for you to withdraw your consent to the storage of personal data collected during the subscription process.

a) Online publications of Dürr AG and newsletter tracking

It is also possible to receive information about online publications of the Dürr Group via our newsletter. The data collected from the input screen are transferred to us during the registration process.

b) CleverReach

This website uses CleverReach for the sending of newsletters. The provider is the CleverReach GmbH & Co. KG, Mühlenstr. 43, 26180 Rastede, Germany. CleverReach is a service that can be used to organize and analyse the sending of newsletters. The data you have entered for the purpose of subscribing to our newsletter (e.g. e-mail address) are stored on servers of CleverReach in Germany or in Ireland.

Newsletters we send out via CleverReach allow us to analyse the user patterns of our newsletter recipients. Among other things, in conjunction with this, it is possible how many recipients actually opened the newsletter e-mail and how often which link inside the newsletter has been clicked. With the assistance of a tool called Conversion Tracking, we can also determine whether an action that has been predefined in the newsletter actually occurred after the link was clicked (e.g. purchase of a product on our website). For more information on the data analysis services by CleverReach newsletters, please go to: https://www.cleverreach.com/en/features/reporting-tracking/ .

The data is processed based on your consent (Art. 6 Sect. 1 lit. a GDPR).  You may revoke any consent you have given at any time by unsubscribing from the newsletter. This shall be without prejudice to the lawfulness of any data processing transactions that have taken place prior to your revocation.

If you do not want to permit an analysis by CleverReach, you must unsubscribe from the newsletter. We provide a link for you to do this in every newsletter message. Moreover, you can also unsubscribe from the newsletter right on the website.

The data you archive with us for the purpose of the newsletter subscription shall be archived by us until you unsubscribe from the newsletter. Once you cancel your subscription to the newsletter, the data shall be deleted from our servers as well as those of CleverReach. This shall not affect data we have been archiving for other purposes.

For more details, please consult the Data Protection Provisions of CleverReach at: https://www.cleverreach.com/en/privacy-policy/ .

We have entered into a contract data processing agreement with CleverReach and implement the strict provisions of the German data protection agencies to the fullest when using CleverReach.

2.9 Your rights as a data subject

In section 1.3, we describe in detail the rights you have in relation to our processing of your data.

3. Privacy information relating to our social media presence

Below you can find out what we do with your data when you visit our social media pages. This section 3 applies in addition to the general information in section 1. If you cannot find the necessary information in this section 3, please refer to section 1 (e.g. concerning the rights of the data subject in section 1.3). If there is a conflict between the general information and this specific information, the information in this section 3 takes precedence over section 1.

Please note that we have provided additional information about features and tools that we use on our websites and that are supplied by social media providers (e.g. plugins, cookies, etc.) in sections 2.3-2.8.

The information below is structured as follows: Firstly, we provide you with general information in section 3.1 that applies to our presence on all social media platforms. Additional, specific information about our presence on each individual social media platform can be found in sections 3.2 to 3.7.

3.1 Who is the data controller with responsibility for processing data?

DUALIS GmbH IT Solution (details in section 2.1) maintains our social media presence. Visiting our social media pages results in a variety of data being processed. As the operator of these social media pages, we are the joint data controllers, together with the network operators, in accordance with Art. 4(7) GDPR.

a) Which social media platforms do we have a presence on?

We have a social media presence on the following networks:

  • Facebook: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Irland, (“Facebook”, details in section 3.2);
  • LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland, (“LinkedIn”, details in section 3.3);
  • YouTube: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, vertreten durch Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland (“YouTube”, details in section 3.4);
  • Xing: New Work SE, Am Strandkai 1, 20457 Hamburg, Deutschland, (“Xing”, details in section 3.6);
  • Kununu: NEW WORK AUSTRIA, XING kununu Prescreen GmbH, Schottenring 2-6, 1010 Vienna, Austria, („Kununu“, details in section 3.6).

b) What purposes are my data processed for?

DUALIS maintains a presence on social media platforms to give you an in-depth insight into our offering and our everyday business activities with the aim of arousing your interest in us as your (future) business partner or as your (future) employer.

  • Information made public: In individual cases, Dürr can only access the information in your profile that you have made public (for example, your user name, the content published in your profile, and the actions that you take in relation to it, e.g. if you like or share a post). You can find out which information this is under your profile settings. In addition, you have the option to stop following our social media presence. If you do so, your profile will no longer appear in the list of fans (linked contacts) on this social media presence.
  • Making contact: We process your data if you make contact with us via our social media presence, e.g. if you send us a direct message via the network or if you like, share, or comment on one of our posts or if you mention us in a post or if we like, share, or comment on one of your posts. We will use your data (such as your first name, last name, message) so that our customer support can respond to your request.
  • Analysis of usage behavior: We use analysis technologies provided by the network operators to carry out statistical evaluations of the response to our social media presence from visitors. This enables us to adjust and optimize our offering to correspond with visitors’ interests. For this purpose, the network operators store cookies and similar technologies, e.g. pixels, during visits to our social media pages. Many network operators make use of third-party services (e.g. Google Analytics) for this purpose. Registered users can be identified by the network operators. As well as producing the statistics about page use that have been referred to, this processing also helps to improve the advertising displayed by the network operators via the network and on third-party pages.

The legal basis for the data processing is Art. 6(1)(f) GDPR and our legitimate interest in answering your inquiry, offering you services and products that correspond with your interests, and improving our offering and our social media presence, and adapting it to the needs and interests of our visitors. The same applies if you send us your request via a form on the network. You can find details of processing in the context of CRM in section 4.4. If social media providers store cookies or similar technologies on our website for analysis or marketing purposes, we will obtain your consent. For details, please refer to section 2.3.

Right to object

In section 1.3 we explain your right to object to the processing of your data on the basis of Art. 6(1)(f) GDPR.

Note: Processing by network operators and third parties: Please note that network operators also process the data that you have voluntarily made publicly available when you visit and use our social media presence (e.g. reading, commenting on, or liking a post). In addition, network operators also process log data (e.g. your IP address, browser and device information, most recently visited page, location, time stamp, settings). If you have logged into the network using your own profile, the network can assign these data to your profile. Partners of the network operator and third parties can also store cookies via social media networks to provide services to companies that advertise on the networks. This processing is based on the general terms and conditions and privacy policy of the network in question. You will find links to these below. We cannot track or influence processing of this kind.

3.2 Facebook (Fanpage)

DUALIS maintains a fan page on Facebook (for details of Facebook, see section 3.1 a)).

The operator of Facebook is Meta Platforms, Inc. (“Meta”, formerly Facebook, Inc.), 1601 Willow Road, Menlo Park, CA 94025, USA. On the basis of the standard contractual clauses of the EU Commission, Facebook transfers personal data to Meta (for more information on third-country transfers, please refer to section 1.5).

The Facebook terms of service that you can find at the following link apply https://www.facebook.com/terms . You will find information about data collection and other processing by Facebook in Facebook’s data policy: https://facebook.com/about/privacy/

Facebook Insights: Whenever a user makes a visit to our fan page, some of the user’s personal data are collected, e.g. by using cookies. The data are collected primarily by Facebook. You can find details of how Facebook uses cookies in Facebook’s cookie policy at: https://www.facebook.com/policies/cookies/. Visitors to our fan page who are not logged in or registered with Facebook are also recorded.

DUALIS has no direct access to the data collected by Facebook. Instead, Facebook provides us only with highly summarized evaluations, e.g.:

  • Followers: Number of people following Dürr, including the growth and development over a defined period.
  • Reach: Number of people who see a specific post. Number of interactions on a post. This indicates, for example, which content receives a better response from the community.
  • Ad performance: How many people have seen an ad?
  • Demographics: average age of visitors, gender, place of residence, language

We use these statistics, which cannot be traced to any particular user, to constantly improve our online offering on Facebook and to better meet our users’ needs. The legal basis for these usage statistics is Art. 6(1)(f) GDPR.

We cannot connect the statistical data to any of our fans’ profile data. You can go to your Facebook settings to choose how targeted ads will be shown to you.

We have reached an agreement with Facebook concerning the joint responsibility under Art. 26 GDPR. You can find the agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum . In the agreement, Facebook acknowledges the joint responsibility under data protection law with regard to the Insights data and complies with key obligations under data protection law (e.g. information from data subjects, data security and reporting breaches of data protection, main contact point for data subjects).

In this particular case, you can exercise your rights as a data subject as follows:

  • If you have questions about the data collected by Facebook, please contact Facebook (you can find information about this in the Facebook data policy, see above).
  •  If you have questions or concerns about the Insights data processed by Dürr, please contact our data protection officer (see section 2.1). You will find the remaining rights of data subjects in section 1.3.

3.3 LinkedIn

DUALIS maintains a presence on LinkedIn (for details of LinkedIn, see section 3.1 a)).

LinkedIn belongs to the LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, USA. Therefore, data can be transferred to the USA (for more information on third-country transfers, please refer to section 1.5). This transfer is covered by the standard contractual clauses of the EU Commission.

You can find more information about data protection at LinkedIn in the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy . You will find the conditions of use of LinkedIn at: https://www.linkedin.com/legal/user-agreement .

In accordance with the agreement that we have entered into with LinkedIn (available at https://www.linkedin.com/legal/l/dpa ), LinkedIn will inform us if a user exercises their rights as a data subject under Art. 15 to 22 GDPR. LinkedIn will help us to answer requests for information. You can exercise your rights (for more information, see section 1.3) against us and against LinkedIn.

LinkedIn Page Analytics: In connection with our LinkedIn presence, we use LinkedIn Page Analytics. LinkedIn acknowledges its role as a joint controller (see the agreement that covers this and that is available at: https://legal.linkedin.com/pages-joint-controller-addendum). LinkedIn uses cookies, for example, to evaluate users’ behavior. From Page Analytics, we obtain information about the use of our content in the form of aggregated data that we cannot link to the profiles of our visitors. In the agreement referred to, LinkedIn accepts responsibility for the rights of data subjects. However, you can still contact us about this, as we explained in section 1.3.

For more information about how we use services from LinkedIn on our websites, please refer to section 2.7 a). You can object to LinkedIn processing your data for advertising purposes at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out .

3.4 YouTube

DUALIS has a channel on the YouTube platform provided by YouTube LLC (for more details, see section 3.1.a)), a subsidiary of Google LLC with headquarters in the USA.

Any Google service may transfer your data that has been collected by Google to the USA (for more information on third-country transfers, please refer to section 1.5). The transfer takes place on the basis of the standard contractual clauses of the EU Commission.

YouTube Analytics: We receive statistics about the use of our channel, including the following aggregated and therefore anonymized information:

  • Total number of video views
  • Average video views per person and trend (falling/rising and by how much)
  • Number of subscribers and trend
  • Number of visitors
  • Interactions from viewers (likes, comments, shared content)
  • Time visitors spent watching videos on the channel
  • Reach of videos
  • Percentage of videos that users watch on average

Data are processed by the network operator on the basis of the terms of service (https://www.youtube.com/static?template=terms ) and the Google privacy policy (https://policies.google.com/privacy ). You can object to your data being processed by the network operator by changing the settings of your Google account here: https://adssettings.google.com/authenticated .

You can find information about managing the privacy settings of your Google account here: https://support.google.com/youtube/topic/9257518?hl=en&ref_topic=9257107 .

The agreement that we have reached with Google about our YouTube channel allows you to exercise your rights as a data subject against us (for more information, see section 1.3) and against Google.

3.5 Xing

DUALIS has a social media presence on Xing (for details of Xing, see section 3.1 a)).

You can find information about the way in which Xing processes your data (including the use of cookies and similar technologies) in the Xing general terms and conditions (available at: https://www.xing.com/terms ) and in the Xing privacy policy (https://privacy.xing.com/en/privacy-policy ).

Analysis: We are provided with statistical evaluations (e.g. Xing BrandManager and Recruiter Insights) of the accesses to our Xing presence (including click paths). Xing uses third-party providers (e.g. Google, Adobe) for this purpose, and the data may be transferred to third countries that do not provide adequate data protection (for more information on third-country transfers, please refer to section 1.5)). We cannot identify individual visitors using these aggregated data. We use the statistical evaluations to improve the attractiveness of our presence and to adapt it to the interests of our visitors.

If users are logged into their Xing profile when they access our Xing presence, information can be assigned to the profile. In addition, we can see the information from the user account. If you want to prevent this from happening, you should log out of your own Xing profile before you visit our Xing presence.

Xing provides information about other ways to object to tracking by Xing and its service providers under the following link: https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing/provision-of-our-service . To exercise your rights as a data subject, please refer to section 1.3.

3.6 Kununu

DUALIS has a social media presence on Kununu (for details of Kununu, see section 3.1 a)). Kununu belongs to Xing, and the basic conditions are the same in some cases (see section 3.5).

You can find information about the way in which Kununu processes your data (including the use of cookies and similar technologies) in the Xing privacy policy (see section 3.5), which also applies to Kununu. You can find the Kununu general terms and conditions at: https://www.kununu.com/de/info/agb.

Analysis: We have access to statistical evaluations of accesses and activities on our Kununu presence. The information provided about Xing (section 3.5) also applies in this case. For information about the rights of data subjects, please refer to section 1.3.

3.8 Your rights as a data subject

In section 1.3, we describe in detail the rights you have in relation to our processing of your data.

4. Privacy information relating to other data processing by companies in the Dürr Group not in connection with the websites

Below you can find out what we do with your data in our business activities that are not connected with our websites. This section 4 applies in addition to the general information in section 1. If you cannot find the necessary information in this section 4, please refer to section 1 (e.g. concerning the rights of the data subject). If there is a conflict between section 4 and section 1, the information in section 4 takes precedence over section 1.

4.1 Who is the data controller with responsibility for processing data?

This section covers data processing by the companies in the Dürr Group that are included in this list, unless the processing is based on the provision of the website (in which case sections 2 apply).

In the annex, you will also find the contact details of the data controller (the company that you are in contact with) and its data protection officer.

Alternatively, if you have any questions or concerns relating to data protection, you can also contact the data protection officer of Dürr AG by email at dataprotection[at]durr.com or by mail at

Dürr Aktiengesellschaft
Attn: Data Protection Officer
Carl-Benz-Str. 34
74321 Bietigheim-Bissingen
Germany

In many cases that are described in detail here, two or more companies of the Dürr Group are joint controllers with responsibility for processing the data (see section 4.4, for example).

4.2 Collection, storage and use of personal data

If you enter into a contractual relationship with us (e.g. if you place an order for our goods and services or if we award a contract to your company) or if a contractual relationship with you is planned or if we make contact with or provide information to companies or if we carry out customer satisfaction studies or product surveys, we collect the following information:

  • Master data (e.g. title, first name, last name, gender)
  • Communication data (e.g. business telephone number (landline and/or cell phone), valid email address, business mailing address)
  • Survey data (comments and evaluations provided by the customer) and log data (time stamp showing when the customer responded to the survey)
  • Data provided during the use of a training portal, e.g. participation details, evaluations, test results, and comments

These data are collected:

  • to be able to identify you or your company/your employer as our customer/potential customer for our services/supplier
  • to enter into a contractual relationship with you/your company/your employer
  • to fulfill the contract subsequently entered into with you/your company/your employer
  • to correspond with you for the purpose of entering into or fulfilling a contract
  • to issue invoices if a contractual relationship involving payment is entered into
  • to improve our customer service, services, and products
  • for marketing and advertising purposes
  • for the purposes of our legitimate interests

The data are processed at your request or as part of customer satisfaction studies and product surveys, and the processing is necessary in accordance with Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR (if you work for a company) for the specified purposes in order to enter into a contractual relationship and to allow both parties to fulfill their obligations under the contract that is subsequently concluded.

If you have given your consent to us processing your data for specific purposes, such as product advertising or marketing, this is based on Art. 6(1)(a) GDPR.

In addition, your personal data are processed for the purposes of our legitimate interests in accordance with Art. 6(1)(f) GDPR, including:

  • to improve the Dürr Group’s portfolio of products and services on your behalf
  • to produce statistical evaluations
  • to be able to pass your inquiry on to one of our distributors and to guarantee that the Dürr Group’s IT systems and buildings are secure

The personal data we collect are stored until the purposes listed above no longer apply and are then erased, unless we are required to store the data for a longer period in accordance with Art. 6(1)(c) GDPR on the basis of legal retention and documentation requirements (e.g. in the German Commercial Code, Criminal Code, or Fiscal Code) or unless you have consented to the data being stored for a longer period in accordance with Art. 6(1)(a) GDPR.

4.3 Disclosure of your data

Your personal data will not be transferred to third parties except for the purposes listed below.

If this is necessary in accordance with Art. 6(1)(b) GPDR (or in accordance with Art. 6(1)(f) GDPR if you are representing a company) for the purpose of fulfilling a contract that we have entered into with you, your personal data will be transferred to third parties. These include in particular companies in the Dürr Group or its partners that we use as shipping and payment service providers or portal operators for the performance of the contract.

The data that are transferred may be used by these third parties only for the specified purposes.

In accordance with Art. 6(1)(f) GDPR, your personal data can also be transferred to third parties that we use for the purposes of our legitimate interests as described in section 4.2 (including marketing service providers, distributors, consultants, agencies, companies from the Dürr Group).

If this is necessary for us to provide a service, your personal data, which we have your consent to use for the purposes in accordance with Art. 6(1)(a) GDPR, will be transferred to partners (including advertising and shipping service providers, Dürr Group companies).

If the recipients referred to above process your data outside the EEA, please refer to section 1.5.

4.4 Joint CRM system that we operate as a joint controller

The companies in the Dürr Group operate a joint database (CRM system) and therefore act as joint controllers under the terms of Art. 26 GDPR.

You can find a list of the companies in the Dürr Group here. The data are stored only as long as required for the purpose they were collected for or as required by law or if we have a legitimate interest in storing them, for example, law enforcement.

If the data are transferred to Dürr companies outside the EEA, this is based on the standard contractual clauses of the EU Commission. Please also refer to the information on third-country transfers in section 1.5.

The CRM system is provided by Salesforce. The data are stored in the EU. Data may be transferred to companies in the Salesforce Group outside the EEA (for details of Salesforce, see section 2.2 c)). 

Internally we have drawn up a contract that divides the joint controller roles as follows: Data subjects can approach all joint controllers to exercise their rights as data subjects (for details of the rights of data subjects, see section 1.3).

The company in the Dürr Group that you provided your data to is your first point of contact. Dürr Systems AG is the controller responsible for the information obligations under Art. 13(f) GDPR and has overall responsibility for the CRM system. Within their scope of operations, the joint controllers are responsible for fulfilling the required reporting obligations and maintaining documentation; imposing confidentiality obligations on employees; explaining employees’ obligations under data protection law to them and ensuring the technical and organizational security of the data processing.

4.5 Your rights as a data subject

In section 1.3, we describe in detail the rights you have in relation to our processing of your data.

4.6 Additional data protection information from DUALIS GmbH IT Solution

In the following, we provide you with further specific data protection information for the processing of personal data in the context of our business activities away from our websites:

→ Data protection information for customers, prospective customers and business partners
→ Data protection information for photography and filming at events
→ Data protection information for job applicants
→ Data protection information for Microsoft 365 applications
→ Data protection information for Wrike