Data privacy policy

Preamble

We only process your personal data (e.g. title, name, address, email address, telephone number) in accordance with the provisions of German and European (EU) data protection legislation. The following sections inform you about the purposes, recipients, legal basis and storage periods for data processing, as well as about your rights and who the controller is. This data protection statement only applies to our websites. If you follow links on our pages to other websites, please refer to those sites for details of how they handle your data.

 

Table of Contents:

§ 1 Controller for data processing

§ 2 Contact details for our data protection officer

§ 3 Business Services

§ 4 Providing online services and webhosting

§ 5 Management of contacts and enquiries

§ 6 Use of cookies

§ 7 Social media platforms

§ 8 Data protection for job applications

§ 9 Rights of the data subject

 

Sect. 1 Controller for data processing

d-fine GmbH

An der Hauptwache 7

D-60313 Frankfurt

Telephone: +49 69 90737-0

info[at]d-fine.com 

 

Sect. 2 Contact details for our data protection officer

An der Hauptwache 7

D-60313 Frankfurt

dataprotectionofficer[at]d-fine.com

 

Sect. 3 Business services

We process data from our contractual and business partners, e.g. customers and potential customers (known collectively as “contractual partners”) in the course of contractual and similar legal relationships and related activities, and in the course of communicating with contractual (or precontractual) partners, e.g. to answer enquiries.

We process these data to meet our contractual obligations. They particularly include obligations to perform the agreed services, any update obligations and assistance with warranties and other disruptions or breaches of contract. In addition, we process the data to protect our rights and for the purpose of administrative tasks related to these obligations and of company organisation. Furthermore, we process the data on the basis of our legitimate interests in orderly and efficient business management and in security measures to protect our contractual partners and our business operations against abuse, risks to your data, secrets, information and rights (e.g. to involve telecommunications, transport and other providers, as well as subcontractors, banks, tax and legal advisers, payment services providers and tax authorities). In accordance with applicable law, we only pass on the data of contractual partners to third parties to the extent necessary for the aforementioned purposes or to comply with legal obligations. Contractual partners are notified of other types of processing, e.g. for marketing purposes, in this data protection statement.

We tell contractual partners which data are necessary for the aforementioned processes before or when the data is collected, e.g. in online forms, by means of specific labels (e.g. colours) or symbols (e.g. asterisk or similar) or in person.

We erase the data at the end of statutory warranty periods and similar obligations, i.e. as a rule after four years, unless the data are stored in a customer account, e.g. for as long as they have to be archived by law. The statutory retention period is ten years for tax-relevant documents, commercial accounts, inventories, opening balance sheets, financial statements, the instructions needed to understand these documents and other organisational documents and accounting receipts; and six years for commercial correspondence received and copies of commercial correspondence sent. The period begins at the close of the calendar year in which the last entry was made in the accounts, the inventory, the opening balance sheet, the financial statements or management report, the commercial correspondence was received or sent or the accounting receipt was generated, the record was made or other documents created.

Insofar as we use third-party providers or platforms to perform our services, the terms and conditions and data protection policies of the third-party providers or platforms apply to legal relations between the users and the providers.

Types of data processed: Master data (e.g. name, addresses); payment data (e.g. bank accounts, invoices, payment history); contact details (e.g. email, telephone numbers); contract data (e.g. subject of contract, duration, customer category).

Data subject: Potential customers; commercial and contractual partners.

Purpose of processing: To perform contractual services and meet contractual obligations; contact requests and communication; office and organisational processes; management of and replies to enquiries.

Legal basis: Performance of contract and precontractual requests (Art. 6 (1) b) GDPR); legal obligation (Art. 6 (1) c) GDPR); legitimate interests (Art. 6 (1) f) GDPR).

 

Sect. 4 Providing online services and webhosting

We process user data in order to provide them with our online services. For this purpose we process the user’s IP address, which is required to transmit the contents and functions of our online services to the user’s browser or device.

  1. Types of data processed: Usage data (e.g. websites visited, interest in contents, access times); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, consent status).
  2. Purpose of processing: Provision of our online services and ease of use; IT infrastructure (operation and provision of information systems and technical equipment (computers, servers, etc.)); security measures.
  3. Legal basis: Legitimate interests (Art. 6 (1) f) GDPR).
  4. Further information about processing, procedures and services:
  5. Collection of access data and logfiles: Access to our online services is recorded in server logfiles. The server logfiles may include the address and name of the websites and files visited, the date and time of the visit, data volume transferred, report on successful visit, browser type and version, the user’s operating system, the referrer URL (the page you were visiting which directed you to our website), and generally IP addresses and the requesting provider. Server logfiles may be used both for security purposes, e.g. to avoid a server overload (particularly in the case of DDoS attacks), and to ensure the capacity and stability of the servers; legal basis: Legitimate interests (Art. 6 (1) f) GDPR); erasure of data: Logfile information is stored for a maximum of 30 days and then erased or anonymised. Data that must be retained as evidence is not deleted until the incident has been definitively clarified.
  6. Mittwald: Services to provide IT infrastructure and related services (e.g. storage capacity and/or computing capacities); service provider: Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4-6, 32339 Espelkamp, Germany; legal basis: Legitimate interests (Art. 6 (1) f) GDPR); website: www.mittwald.de; data protection statement: www.mittwald.de/datenschutz; data processing contract: www.mittwald.de/faq/service-informationen/faq/datenschutz-alles-wichtige-zur-dsgvo.

 

Sect. 5 Management of contacts and enquiries

When they contact us (e.g. by post, contact form, email, telephone or social media) and in the context of existing user and business relationships, the data of the person making the contact are processed to the extent necessary to answer the enquiry and any activities requested.

  1. Types of data processed: Contact data (e.g. email, telephone numbers); content data (e.g. entries in online forms); usage data (e.g. websites visited, interest in contents, access times); meta, communication and process data (e.g. IP addresses, time stamps, identification numbers, consent status).
  2. Legal basis: Legitimate interests (Art. 6 (1) f) GDPR); performance of contracts and precontractual enquiries (Art. 6 (1) b) GDPR).

 

Sect. 6 Use of cookies

Cookies are small text files or other storage notes that save information on devices and read information from devices. Cookies can be used for various purposes, e.g. to ensure the functionality, security and convenience of online services and to analyse visitor traffic.

We use cookies in accordance with the statutory provisions. We therefore obtain the user’s prior consent, unless this is not required by law. Consent is particularly not necessary if the storage and analysis of information, i.e. also of cookies, is absolutely necessary to provide the users with the telemedia service (so also our online services) that they have explicitly requested. Absolutely necessary cookies generally include cookies that serve to display and run the online services, to manage capacity, ensure security, store user preferences and options and similar purposes related to the provision of the main and subsidiary functions of the online service requested by the user. The revocable consent is clearly communicated to users and includes information about the use of the respective cookies.

  1. Notes on the legal basis in data protection law: The legal basis in data protection law on which we process users’ personal data by means of cookies depends on whether we ask users for their consent or not. If users consent, the legal basis for processing their data is their consent. Otherwise, the data processed using cookies are processed on the basis of our legitimate interests (e.g. in the efficient operation of our online services and the improvement of its usability), or if it takes place in the context of performing our contractual obligations, if the use of cookies is necessary to perform our contractual obligations. We provide information about the purposes for which we process cookies in the course of this data protection statement or as part of our consent and processing procedures.
  2. Duration of storage: In terms of storage duration, a distinction is made between the following types of cookie: a) temporary cookies (also: session cookies): temporary cookies are deleted at the latest when a user exits the online service and closes their device (e.g. browser or mobile app); b) permanent cookies: permanent cookies remain stored after the device has been closed. This makes it possible to store the log-in status, for example, or to display preferred contents straight away when the user visits the website again. User data collected by means of cookies can also be used to measure range. If we do not give users any explicit information about the type and storage duration of cookies (e.g. when obtaining their consent), they should assume that the cookies are permanent and the duration of storage may be up to two years.
  3. General information about revocation and objection (“opt-out”): users can withdraw their consent and object to processing at any time in accordance with the statutory provisions. To do so, users can restrict the use of cookies in their browser settings (which may also restrict the functionality of our online services).

 

Sect. 7 Social media platforms

We maintain an online presence in various social networks and process user data in this context in order to communicate with users active there or to provide information about us.

We advise users that in this context their data may be processed outside the European Union. This may give rise to risks for users, because it is more difficult for them to assert their rights, for example.

In addition, user data are generally processed within social networks for market research and advertising purposes. This may entail creating user profiles based on the websites visited and the user interests these reveal. User profiles can in turn be used to show advertising inside or outside the networks that is assumed to reflect the users’ interests. For these purposes, cookies are generally stored on the user’s computer that record the user’s viewing patterns and interests. Furthermore, data may also be stored in the user profiles regardless of the devices used (particularly if the users are members of the respective platforms and have logged in to them).

For a detailed description of the various types of processing and opt-outs, we refer to the data protection/privacy policies and information from the operators of the respective networks.

Users are also advised that the most effective way to request information and assert their rights as data subjects is to approach the providers. Only the providers have access to the respective user data and can take the corresponding measures and provide information directly. If you should still need assistance, you can ask us.

Legal basis: Legitimate interests (Art. 6 (1) f) GDPR).

Further information about processing, procedures and services:

  1. Instagram: social network; service provider: Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland; legal basis: Legitimate interests (Art. 6 (1) f) GDPR); website: www.instagram.com; data protection statement: instagram.com/about/legal/privacy; basis for third-country transfers: Data Privacy Framework (DPF).
  2. LinkedIn: social network; service provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; legal basis: Legitimate interests (Art. 6 (1) f) GDPR); website: www.linkedin.com; data protection statement: www.linkedin.com/legal/privacy-policy; basis for third-country transfers: Data Privacy Framework (DPF); opt-out: www.linkedin.com/psettings/guest-controls/retargeting-opt-out; further information: We and LinkedIn Ireland Unlimited Company are joint controllers for the collection (but not processing) of user data for the purpose of generating “Page Insights” (statistics) for our LinkedIn profiles.
  3. These data include information about the types of contents that users view or interact with, about action taken by them and information about the users’ devices (e.g. IP addresses, operating system, browser type, language settings, cookie data) and information from the user profile, such as professional function, country, sector, hierarchical level, company size and employment status. Data protection information about the processing of user data by LinkedIn can be found in LinkedIn’s data protection policy: www.linkedin.com/legal/privacy-policy
  4. We have signed a separate agreement with LinkedIn Ireland (“Page Insights Joint Controller Addendum (the ‘Addendum’)”, legal.linkedin.com/pages-joint-controller-addendum), which defines in particular the security measures that LinkedIn must take and in which LinkedIn has confirmed that it respects the rights of data subjects (e.g. users can ask LinkedIn directly for information or for personal data to be erased). Users’ rights (particularly to information, erasure, objection and complaint to a competent supervisory authority) are not restricted by the agreements with LinkedIn. The joint controller status relates solely to the collection of data by and transfer to Ireland Unlimited Company, a company registered in the EU. Further data processing is solely the responsibility of Ireland Unlimited Company, particularly the transfer of data to its parent, LinkedIn Corporation in the USA.
  5. LinkedIn Lead Gen Forms: We occasionally use LinkedIn Lead Gen Forms for sponsored contents and sponsored LinkedIn In-Mails for recruiting and marketing campaigns. If LinkedIn members click on contents sponsored by us, a form is opened in some cases in which information has already been filled in from their LinkedIn profile (e.g. rank, occupation and location). A LinkedIn member is connected with us as soon as they send a form.
  6. Xing: social network; service provider: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany; legal basis: Legitimate interests (Art. 6 (1) f) GDPR); website: https://www.xing.com/; data protection statement: https://privacy.xing.com/de/datenschutzerklaerung.
  7. kununu: rating platform; service provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany; Legal basis: Legitimate interests (Art. 6 (1) f) GDPR); website: https://www.kununu.com/de; data protection statement: https://privacy.xing.com/de/datenschutzerklaerung.

 

Sect. 8 Data protection for job applications

You can find the special data protection information that applies to job applications here: www.d-fine.com/en/service-navigation/information-on-data-protection-in-the-application-process/.

 

Sect. 9 Rights of the data subject

As the data subject you have various rights under the GDPR, particularly based on Articles 15 to 21 GDPR.

  1. Right to object: You have the right to object, at any time, on grounds relating to your particular situation, to the processing of personal data concerning you, which is based on Article 6 (1) e) or f) GDPR, including profiling based on those provisions. Where personal data are processed for direct marketing purposes, you have the right to object, at any time, to the processing of your personal data for the purpose of such marketing; this also applies to profiling insofar as it is conducted in conjunction with such direct marketing.
  2. Right to withdraw consent: You have the right to withdraw your consent at any time.
  3. Right to information and access: You have the right to confirmation of whether relevant data are being processed and to information about these data and to further information and a copy of the data in line with the statutory provisions.
  4. Right to rectification: You have the right in line with the statutory provisions to the completion of incomplete data concerning you and to the rectification of inaccurate information concerning you.
  5. Right to erasure and restriction of processing: You have the right in line with the statutory provisions to the erasure of data concerning you without undue delay or alternatively to a restriction of processing of the data in line with the statutory provisions.
  6. Right to data portability: You have the right in line with the statutory provisions to receive the data concerning you that you have provided us with in a structured, commonly used and machine-readable format or to transmit those data to another controller.
  7. Complaints to a supervisory authority: Notwithstanding any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.