A. Information regarding the collection of personal data
(1) In the following, we provide information regarding the collection of personal data when using our website. Personal data is defined as all data that relates to you personally, e.g. name, address, e-mail addresses, user behavior.
(2) Controller in accordance with article 4(7) of the EU General Data Protection Regulation (GDPR) is
- Dorma Hüppe Raumtrennsysteme GmbH + Co. KG
- Industriestrasse 5
- 26655 Westerstede/Ocholt, Germany
Our data protection officer can be contacted at email@example.com or using our postal address and adding "The data protection officer".
(3) When contacting us by e-mail or using a contact form, the data you supply (your e-mail address, your name and phone number if necessary) are stored by us in order to answer your questions. We delete the data gathered in this regard once storage of such data is no longer required, or limit processing of such data should statutory storage obligations apply.
(4) Should we require contracted providers to carry out individual functions of our offering or should we like to use your data for commercial purposes, we shall inform you in detail of the respective actions. In doing so, we shall also inform you of the defined criteria regarding duration of storage.
B. Your rights
You have the following rights vis-à-vis ourselves with regard to your personal data:
- Right of access
- Right to rectification or erasure
- Right to limitation of processing
- Right to object to processing
- Right to data portability
- Right to lodge a complaint with a regulatory authority.
C. Collection of personal data when visiting our website
(1) When using our website for purely informational purposes, i.e. without registering or otherwise submitting information to us, we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data that we require from a technical point of view to display our website to you and guarantee stability and security (the legal basis here is article 6(1) sentence 1, lit. f GDPR):
- IP address
- Date and time of enquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of request (specific page)
- Access status/HTTP status code
- Volume of data transmitted
- Website from which the request originated
- Operating system and its interface
- Language and version of browser software.
(2) In addition to the aforementioned data, when using our website, cookies will be stored on your computer. Cookies are small text files stored on your hard drive by the web browser you are using, enabling certain information to be collected by the website owner who sets the cookie (in this case us). Cookies cannot execute programs or transmit viruses onto your computer. They are designed to make the internet service as a whole more user-friendly and effective.
a) This website uses the following types of cookies, the scope and functioning of which shall be described below:
- Transient cookies (b)
- Persistent cookies (c).
b) Transient cookies are automatically deleted when you close the browser. These include session cookies in particular. They store a so-called session ID with which the various requests from your browser are assigned to the session as a whole. This means your computer can be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.
c) Persistent cookies are deleted automatically after a specified length of time, which may differ depending on the cookie. You can delete the cookies at any time in your browser’s security settings.
d) You can configure your browser settings according to your needs and decline acceptance of third-party cookies or all cookies, for example. We advise you that you may not be able to use all functions of this website.
e) The Flash cookies used are not collected by your browser but by your Flash Plug-in. We also use HTML5 storage objects, which are stored on your terminal. These objects store the data required independently of your browser used and have no automatic expiry date. If you do not want Flash cookies to be processed, you have to install a corresponding add-on. The use of HTML5 storage objects may impede you as they use private mode in your browser. We also recommend manually deleting your cookies and browser history regularly.
f) This website uses etracker Analytics, a web analysis service of etracker GmbH ("etracker").
D. etracker Analytics
(1) The provider of this website uses the services of etracker GmbH, Hamburg, Germany (www.etracker.com) to analyse usage data. Here, cookies are used which enable the statistical analysis of the use of this website by its visitors as well as the display of usage-relevant content or advertising. Cookies are small text files that are stored by the Internet browser on the user's device. etracker cookies do not contain any information that could identify a user.
(2) The data generated with etracker is processed and stored by etracker solely in Germany by commission of the provider of this website and is thus subject to strict German and European data protection laws and standards.In this regard, etracker was checked, certified and awarded with the ePrivacyseal data protection seal of approval.
(3) The data is processed on the legal basis of Art. 6 Section 1 lit f (legitimate interest) of the EU General Data Protection Regulation (GDPR). Our legitimate interest is the optimization of our online offer and our website. As the privacy of our visitors is very important to us, etracker anonymizes the IP address as early as possible and converts login or device IDs into a unique key with which, however,no connection to any specific person can be made with. etracker does not use it for any other purpose, combine it with other data or pass it on to third parties.
(4) You can object to the outlined data processing at any time provided it is related to your person. Your objection has no detrimental consequences for you.
E. Privacy statement for dormakaba newsletter
(1) With your consent you may subscribe to our newsletter in which we inform you about our current offers that may be of interest. The advertised goods and services are mentioned in the declaration of consent.
(2) We use the double opt-in procedure when you register for our newsletter. This means that after your registration we send you an e-mail to the e-mail address you provided in which we ask you for confirmation that you would like to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and then deleted automatically after one month. We also store your IP addresses and the times of your registration and confirmation. The purpose of this procedure is to verify your registration and to discover any possible misuse of your personal data.
(3) The only mandatory information required to send the newsletter is your e-mail address. Provision of further data shown separately is voluntary and is used to address you personally. After your confirmation we store your e-mail address in order to send a newsletter. The legal basis is Art. 6 (1) s. 1 a GDPR.
(4) You may revoke your consent at any time and unsubscribe from the newsletter. You may revoke your consent by clicking on the link provided in every newsletter or by using the above contact details to send a message.
(5) We draw your attention to the fact that we evaluate your user behaviour when the newsletter is sent. For this evaluation, the e-mails sent contain so-called web beacons or tracking pixels which represent single-pixel image files stored on our website. For these evaluations we link the data mentioned in (3) and the web beacons to your e-mail address and an individual ID.
Links in the newsletter also contain this ID. We use the data obtained in this way to create a user profile to tailor the newsletter to your individual interests. In this process we make a record of when you read our newsletters, which links in them you click on, and then draw conclusions about your personal interests. We link this data with your actions on our website.
You may object to tracking at any time by clicking on the separate link provided in every e-mail or by informing us via any other communication channel. The information will be stored as long as you subscribe to the newsletter. After you unsubscribe, we will only store the data in a statistical and anonymous form.
Furthermore, such tracking is not possible if you have disabled the display of images in the default settings in your e-mail application. In this case the newsletter will not be fully displayed and you may not be able to use all the functions. If you choose to display the images manually, the above-mentioned tracking will take place.
Data privacy statement for customers, suppliers and service providers
Version 1.2 dated 09.05.2018
- DORMA Hüppe Raumtrennsysteme GmbH + Co. KG
- Industriestraße 5
- 26655 Westerstede
DORMA Hüppe Raumtrennsysteme GmbH + Co. KG takes the protection of your personal data very seriously and always handles your personal information in compliance with data privacy law. In this data privacy statement we would like to give you an overview of how we handle your personal data and the rights you have in this regard. Exact details of the data we handle or use is essentially determined by your relationship with our company. For this reason it is possible that not all parts of this data privacy statement apply to you.
A. Person responsible and data protection officer
a. Responsibility for the handling of your personal data is assumed by
- DORMA Hüppe Raumtrennsysteme GmbH + Co. KG
- Industriestraße 5
- 26655 Westerstede
- +49 4409 666-0
- +49 4409 666-287
b. You can contact our data protection officer at
- MERENTIS DataSec GmbH
- Data protection and privacy
- Tobias K. Eicke
- -General Practice Lawyer-
- Kurfürstenallee 130
- 28211 Bremen
- email: firstname.lastname@example.org
B. How do we collect your personal data
We handle the personal data we receive from you when you contact us. We collect customer data for instance if you use our online contact form, call our free info hotline, or send an email to our central contact address detailing your concern.
Suppliers and service providers register on the supplier portal to enable them to take part in RFPs and also to allow them to be considered as a contract partner. We collect their data during the registration process.
We obtain the delivery addresses of our customers from our contract partners so that we can send our products to the correct delivery location. This is the route by which we receive their data from our contract partner, who collected it directly from you prior to that.
Furthermore we handle personal data that we are authorised to acquire from publicly accessible sources (e.g. debtors’ lists) or which is lawfully passed to us by other dormakaba companies or other third parties, such as credit agencies.
Relevant personal data is:
- personal identification information and contact information (e.g. title, name, address, date of birth, email address, telephone number);
- payment data (e.g. account details);
- data arising from the fulfilment of our contractual obligations (e.g. delivery addresses, addresses of contract facilities with repair orders, invoice data);
- information about your financial situation (e.g. credit ratings);
- data about your online behaviour and preferences (e.g. IP addresses, identification characteristics of mobile devices, data on visits to our websites and apps, geo- localisation data);
- advertising and sales data (e.g. information about issued/withdrawn consents).
C. Purpose and legal basis for data handling
We handle personal data in compliance with the EU General Data Protection Regulation (EU-GDPR) and the German Federal Data Protection Act 2018 (BDSG-Neu)
1.1 for the fulfilment of contractual obligations (Article 6 Paragraph 1 Point b EU-GDPR)
Data is handled in order to fulfil the contract with you or to execute pre-contractual measures initiated by you.
This is the case for instance if you order replacement parts, services or products from us.
Suppliers and service providers register, for example on our RFP portal, to take part in RFPs so that a contractual relationship can be established.
In addition, we pass your address details to logistics companies and subcontracted tradesmen in order to fulfil our obligation and install/maintain the product. It is also possible that we receive your address details because you were given as a contact person for installation or maintenance, for instance by your landlord.
Further details on the data handling purposes can be found in the relevant contract documents and Terms & Conditions of Business.
1.2 where balancing of interests is involved (Article 6 Paragraph 1 Point f EU-GDPR)
Data is handled so as to preserve our own legal interests or those of third parties, insofar as your legitimate interest does not take precedence. Examples:
- internal acquisition market analysis,
- internal data handling and analysis to guarantee that customers are addressed with an individual approach with tailored products and services,
- internal data handling and analysis for the purpose of improving and developing intelligent and innovative services and products,
- enforcement of legal claims and defence in legal conflicts,
- prevention and resolution of criminal offences,
- video surveillance to preserve domiciliary rights as well as to gather evidence in the event of criminal offences,
- reconciliation of your data with European Union sanction and embargo lists,
- maintaining a visitor list on our company premises including keeping a record of names and vehicle registrations.
1.3 on the basis of your consent (Article 6 Paragraph 1 Point a EU-GDPR)
In the event that you have given us consent to handle your personal data for specified purposes (e.g. advertising telephone calls, entry in prize draws), data handling on this basis is lawful. Consent issued can be withdrawn at any time. This also applies to the withdrawal of consent declarations issued to us before the EU-GDPR came into force, in other words before 25th May 2018. Withdrawal of consent is applicable to the future and does not affect the legality of data handling up to the point of withdrawal.
1.4 on the basis of legal requirements (Article 6 Paragraph 1 Point c EU-GDPR)
Your personal data is stored for a period described in more detail below to fulfil requirements specified under tax and commercial law. We are also obliged to take into consideration the embargo and boycott lists specified under trade union law when we supply to customers, as well as the obligation of suppliers and service providers.
D. Recipients of the personal data
Access to your data is granted to those areas within our company that need this in order to fulfil their function in the company or to fulfil our contractual or legal obligations.
Any service providers commissioned by us can also receive data. Initially these are other companies within the dormakaba group, as well as companies in the categories postal and printing service providers, IT service providers, telecommunication providers (call centres), sales partners, internet service providers, information services, debt collection agencies, as well as other service providers we may use within the context of order processing.
Under certain conditions it is also possible for personal details to be passed to public offices, e.g. tax offices, authorities of jurisdiction and criminal justice (e.g. police, public prosecutors, courts), lawyers and notaries, as well as auditors.
The list below details recipients of your personal data:
E. Passing data to third countries or to international organisations
We do not pass your personal data to areas outside the European Economic Area so that a so-called “third country transfer” situation does not arise.
F. Duration of storage
We always delete your personal data when the purpose of handling has expired, all mutual claims are fulfilled, and no other legal retention requirements or justifications for storage exist. Legal retention requirements arise in particular on the basis of the German Commercial Code (HGB) and Fiscal Code (AO). The retention periods are usually six to ten years. Insofar as required, e.g. for securing evidence, customer data is retained until the statutory limitation period has expired. This period is three years as specified under § 195 BGB (German Civil Code).
G. Your data protection rights
You have the following data protection rights according to statutory regulations:
- the right of access to the data stored by us (Article 15 EU-GDPR), as well as
- the right to rectification (Article 16 EU-GDPR),
- the right to erasure (Article 17 EU-GDPR),
- the right to limitation of processing (Article 18 EU-GDPR),
- the right to data portability (Artikel 20 EU-GDPR),
- and the right to lodge a complaint (Artikel 21 EU-GDPR)
Furthermore you have the right to approach the relevant supervisory board with any complaints:
Die Landesbeauftragte für den Datenschutz Niedersachsen (state official for data protection in Lower Saxony),
Prinzenstraße 5, 30159 Hannover,
Phone: +49 (0)511 120 45 00
H. Is there an obligation to make the data available?
Within our business relationship you must make available any personal data that is required to begin, maintain and finish a business relationship and to fulfil the contractual obligations associated with this, or that we are legally obliged to collect. Without this data we will generally not be in a position to conclude or execute a contract with you.
Furthermore it has been clearly identified in our contract forms as well as on our websites which information is voluntary and which is obligatory.
We collect credit rating information on our customers and other contract partners. This activity allows us to evaluate whether your creditworthiness is sufficient to be able to conclude a contract with you. This decision is partially automated using statistical methods, with the help of information provided by credit agencies.
We never justify and carry out business relations based entirely on fully automated decision processes within the meaning of Article 22 EU-GDPR and we do not handle your data with the aim of evaluating certain personal aspects (profiling).
J. Right to object
1. Right to object based on individual cases
You have the right to object to the handling of your personal data at any time for reasons arising from your particular personal situation, if the data is handled on the basis of the legal principle regulated under Art. 6 Para. 1 Point e EU-GDPR (handling in the public interest) and Art. 6 Para. 1 Point f EU-GDPR (data handling on the basis of balancing of interests). This also applies to profiling based on this provision.
In the event that you lodge an objection, we will cease to handle your personal data, other than in the event that we can prove compelling justification of the necessity of handling it, which overrules your interests, rights and liberties, or that handling the data serves to enforce, exercise or defend any legal claims.
2. Right to object against handling of data for purposes of direct advertising
It can occasionally happen that we handle your personal data in order to conduct direct advertising. You have the right to object at any time to the handling of personal data relating to you for the purposes of advertising of this nature. This also applies to profiling associated with direct advertising of this nature that is not initiated by us (see above).
3. Recipient of the objection
You can address your objection in your own words, stating your name, address and date of birth, with the subject line “Objection”, to us at: email@example.com