Privacy Policy

Data Privacy Notice

Information of your current privacy setting:

Your current UID /User ID is:

You can change your current cookie privacy settings here:

Your consent history:

DateVersionConsents

The protection of your personal data is of the utmost importance to Deufol SE (hereinafter referred to as “we“, “us” or “the Controller“). Observing and complying with legal provisions relating to data protection and data security are a matter of course for us. The following information sets out what data we collect when you visit our website, and how this data may be used:

1 General information about data processing

1.1 Scope of personal data processing

In principle, we process our users’ personal data only to the extent that this is necessary to provide a functional website and to provide our content and services. Our users’ personal data is processed on a regular basis only with the users’ consent. An exception is made in such cases where prior consent cannot be obtained for factual reasons and statutory provisions permit the processing of the personal data.

1.2 Legal basis for the processing of personal data

Provided that we have obtained the data subject’s consent to process their personal data, Article 6(1a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for said processing.
For the processing of personal data which is required to perform a contract to which the data subject is party, Art. 6(1b) GDPR serves as the legal basis. This also applies to processing operations required to take steps prior to entering into a contract.
Insofar as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1c) GDPR serves as the legal basis.
If processing is necessary in order to protect the legitimate interests of our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, Article 6(1f) GDPR serves as the legal basis for processing.

1.3 Location of the data processing

Personal data is generally processed in Germany and other European countries. Should we process data in a third country (outside of the European Union (EU) or the European Economic Area (EEA)), or should data be processed in the course of using services provided by third parties or be disclosed or transmitted to third parties, this will only take place in order to comply with our contractual obligations or measures prior to formation of a contract, based on your consent, to fulfill a legal requirement or on the basis of our legitimate interests. Subject to legal or contractual authorization, we will process the data or have it processed in a third country only in the event that the particular requirements set out in Articles 44 et seq. GDPR are met. This means that the processing may be based on specific guarantees, such as official recognition that an EU-equivalent level of data protection has been established (e.g. via the Privacy Shield for the USA, https://www.privacyshield.gov) or compliance with officially recognized special contractual obligations (known as standard contractual clauses).
The EU-US Privacy Shield is subject to the adequacy decision (2016/1250) taken by the EU Commission on 12th July 2016, which states that compliance with the regulations of the EU-US Privacy Shield provides an adequate level of data protection for personal data.

1.4 Erasure of data and storage period

The data subject’s personal data is erased or blocked once the purpose of storage no longer applies. Data may continue to be stored beyond this point if provided for by European or national legislators in EU regulations, laws or other provisions to which the Controller is subject. Personal data is also erased or blocked if a storage period stipulated by the aforementioned standards expires, unless the continued storage of the data is required for the formation or performance of a contract.

2 Name and address of the Controller

The Controller responsible for the collection, processing and use of your personal data under the EU General Data Protection Regulation is

Deufol SE 
D-65719 Hofheim (Wallau) 
Johannes- Gutenberg- Str. 3-5 
Tel.: +49 6122 50-0 
Fax: +49 6122 1137 
E-mailinfo (at) deufol (punkt) com 
Webseite: www.deufol.com

3 Data Protection Officer contact details

The Controller’s Data Protection Officer can be contacted via:

Tel.: +49 (0) 69 63 80 94 41
E-mail: Datenschutz@deufol.com

4 Use of cookies, tracking pixels and tags

We use automated data collection technologies such as cookies or tracking pixels for our website, newsletters, e-mails and online services. These enable us to collect data – including personal data – that relates to the use of and interaction with our online services.
Cookies are small text files that are transmitted by our website, applications and services and stored on your device. We use cookies to enable us to provide you with user-friendly, effective and personalized services, in order to ensure that our website, applications and services are secure and to improve them on an ongoing basis for your benefit.
Nevertheless, the user can at any time disable cookies on a blanket basis through their browser or automatically delete cookies each time the session ends or the browser is closed; see also “Storage period” and “Objections and remedies”.
JavaScript snippets refer to tags that allow information to be transmitted from a website, for example in the context of online tracking.
Tracking pixels (also known as web beacons) are small graphics loaded when a website or e-mail is accessed which are used to track certain user activities. Loading a tracking pixel can mean accessing a web page or opening an e-mail in a web analytics tool.

4.1 Legal basis for the use of cookies, tracking pixels and tags

The legal basis for the use of cookies, tracking pixels and tags is a legitimate interest within the meaning of Article 6(1f) GDPR, and to guarantee that our website works correctly, is as easy to use as possible and provides you with a positive user experience.
We use analytical cookies, tags and retargeting technologies on the basis of our legitimate interest (Article 6(1f) GDPR, Recital 47). Our legitimate interest lies in optimally tailoring our website, applications and services to the interests of our customers.

4.2 Storage period/objections and remedies

You have the option of changing your browser settings so that cookies are not saved at all, and the option of deleting existing cookies.
In addition, the following description of the processing operations that take place includes references to ways to opt out by contacting the processor directly, where possible.
An objection (whether general or specific to certain providers) to the use of tracking, analytical functions or cookies can be submitted to the following services:

  • US Digital Advertising Alliance http://www.aboutads.info/choices/
  • Digital Advertising Alliance of Canada http://youradchoices.ca/
  • European Interactive Digital Advertising Alliance http://www.youronlinechoices.com/

Please be aware that it may not be possible to use all the functions of our online services if cookies are disabled.

5 Social media use

We offer our visitors the option of using social media services on our website.
Links to the respective services are provided for this purpose, via which users can rate, recommend or share content.

The social media services are operated exclusively by third parties. If the user follows one of these links, information may be transmitted to these third parties. Data is provided via HubSpot call-to-action links. Data is only transmitted to the respective provider when the user actively clicks on one of the links.
Provided that the user does not actively select a social media link, no data is exchanged with social media providers.
If you use these social media provider services and content, the provider will receive information about your visit to our website. It may be the case that personal data, such as your IP address, will be processed by the provider in this context. Should you be logged into your social media account when visiting our website, the provider may link information relating to your visit with your social media account.

The legal basis for the provision of the social media links is Article 6(1f) GDPR; we have a legitimate interest in enabling visitors to our website to use social media services.

You can find more details about the terms of use and data protection in the descriptions of the individual social media providers.

We have integrated the following social media providers onto our website:

  •  Facebook Inc.
    This website contains links to Facebook services and content, which are provided by Facebook Inc. (1 Hacker Way, Menlo Park, California 94025, USA). These may include content such as images, videos and text. Furthermore, you can use the provided links to “like” or “share” content from our website on Facebook.

    The Facebook privacy policy can be found at: https://www.facebook.com/policy.php
    Facebook is certified in accordance with the EU-US Privacy Shield Framework:
    https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC
  •  Twitter Inc.
    This website contains links to Twitter services and content, which are provided by Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA). You can use Twitter to express an interest in content on our website or subscribe to articles, among other actions.
    The Twitter privacy policy can be found at:
    https://twitter.com/privacy?lang=en
    Twitter is certified in accordance with the EU-US Privacy Shield Framework:
    https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO

    You can object to Twitter’s storage of data and information relating to your visits to websites, and to Twitter placing cookies on your device, by using the following opt-out link:
    https://twitter.com/personalization
  • LinkedIn
    This website contains links to LinkedIn services and content, which are provided by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland) and the LinkedIn Corporation. These may include content such as images, videos and text. We also provide you with LinkedIn functions such as “Share” by way of links.

    The LinkedIn privacy policy can be found at:
    https://www.linkedin.com/legal/privacy-policy.
    LinkedIn is certified in accordance with the EU-US Privacy Shield Framework:
    https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0

    You can object to LinkedIn’s storage of data and information relating to your visits to websites, and to LinkedIn placing cookies on your device, by using the following opt-out link:
    https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy

An objection (whether general or specific to certain providers) to the use of tracking, analytical functions or cookies can be submitted to the following services:

  • Digital Advertising Alliance http://www.aboutads.info/choices/
  • Digital Advertising Alliance of Canada http://youradchoices.ca/
  • European Interactive Digital Advertising Alliance http://www.youronlinechoices.com/

Job advertisements and applications

6.1 Description and scope of data processing

We provide an overview of vacant positions within the Deufol Group on our website. If you are interested in a position, you will be forwarded to our applicant platform, operated by On-apply GmbH, for a detailed description of the position and the option of applying online.

If you wish to apply online directly, this will require you to enter certain personal data, identified as mandatory fields in the online form, such as your first name and surname, postal address and e-mail address. To make it easier for us to get in contact with you, you also have the option of voluntarily sending us additional personal data and files relevant to the application process (covering letter, CV, references, etc.). The personal data that you provide in the online application is processed on our behalf in one of the databases operated by On-apply GmbH.
As an alternative, you can send us your application by e-mail or by post.

Access to the personal data you provide is only granted to the relevant employees of the Deufol Group, affiliated companies and third-party companies commissioned by Deufol SE to provide services in the context of the application process. For this purpose, Deufol SE’s central HR department examines the applications and if necessary involves other offices, such as the HR department, specialist department, works council, etc., who require access in order to reach a hiring decision and to comply with our contractual and legal obligations and measures prior to formation of a contract.

6.2 Legal basis for data processing

The predominant legal basis is Article 6(1b) GDPR in conjunction with Sections 26(1) and (2) of the German Federal Data Protection Act (BDSG).
To the extent necessary, we also process your personal data on the basis of Article 6(1f) GDPR in order to safeguard our legitimate interests or those of third parties (e.g. public authorities).

6.3 Purpose of data processing

The personal data and files you send are collected, stored and used solely for purposes in connection with recording and processing your interest in current or future employment with a Deufol company.It is necessary to process your applicant details in order to reach a decision on the establishment of an employment relationship.

6.4 Storage period

If your application is successful, the personal data and files you have transmitted may continue to be used in the context of the employment relationship with you. You will then receive detailed information about how your personal data is handled within the employment relationship in the course of signing the employment contract.
If your application for an advertised position or speculative application does not result in your employment, your personal data will be erased after six months in accordance with Section 61b(1) of the German Labor Court Act (ArbGG) in conjunction with Section 15 of the German General Act on Equal Treatment (AGG), unless you have expressly consented to the long-term storage of your personal data in the context of a pool of applicants or there is a legal basis for its continued storage on a case-by-case basis.

6.5 Objections and remedies

The user has the option, at any time, to withdraw their consent to the processing of personal data.

7 Google services

We use Google Analytics and Google Tag Manager as web analytics services and Google reCAPTCHA to secure user inputs on our website. These services are provided by Google LLC (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).
In addition, we use the provider YouTube to embed videos on our website. YouTube is operated by YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA). YouTube is represented by Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA).

The Google privacy policy can be found at:
http://www.google.com/analytics/terms/us.html and https://policies.google.com/privacy?hl=en
Google is certified in accordance with the EU-US Privacy Shield Framework:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI

7.1 Google web analytics

7.1.1 Description and scope of data processing

We use the services Google Analytics and Google Tag Manager for web analytics purposes. Google Analytics uses cookies to analyze website use.

When content is requested on our website, the following data is stored:

(1) Anonymized IP address of the user’s system making the request

(2) The requested website

(3) The website from which the user came to the requested site (referrer)

(4) The subsites accessed from the requested website

(5) The duration of the visit to the website

(6) The frequency of requests for the website

The data generated by the cookie about your use of this website is normally sent to a Google server in the USA, where it is stored. Please note that this website uses Google Analytics with the extension code “gat._anonymizeIp();”. This means that your IP address is truncated by Google within member states of the European Union or other states party to the Agreement on the European Economic Area before it is transferred to the USA. Only in exceptional cases is the full IP address sent to a Google server in the USA, where it is truncated.

On our behalf, Google uses this information to statistically analyze your browsing behavior on our website, to compile reports on the appeal of individual content and services provided, and to provide us with other services related to the use of the website and the Internet.
The IP address relayed by your browser within the scope of Google Analytics is not linked to other Google data.
You can find more details on this matter at
http://www.google.com/intl/us/analytics/privacyoverview.html, which provides general information about Google Analytics and data protection.
The Google Tag Manager tool does not itself collect personal data. The tool enables actions to be triggered, which may potentially capture data (e.g. Google Analytics).

7.1.2 Opt-out

You can object to Google’s storage of data and information relating to your visit to our website, and to Google placing cookies on your device, by using the following opt-out link:
This places an opt-out cookie on your system, which prevents your data from being collected during future visits to this website:

Disable Google Analytics

7.1.3 Legal basis for data processing

We use the web analytics service Google Analytics in combination with Google Tag Manager for the purpose of designing our web pages to meet requirements and optimizing them on an ongoing basis. This constitutes a legitimate interest in accordance with Article 6(1f) GDPR.

7.1.4 Purpose of data processing

The purpose of the web analytics is to continually improve our website and further develop our online services in a user-oriented way.
Google Analytics enables us to record and statistically analyze the browsing behavior, visit duration and interests of visitors to our website in pseudonymized form, in order to optimize our website on behalf of our visitors. 

7.1.5 Storage period/objections and remedies

Cookies are stored on your device and transmitted to our website by your device. This means that you have full control over the use of cookies as a user. You can disable or limit the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been stored can be deleted at any time. This can also take place on an automated basis. If cookies are disabled for our website, it may not be possible to use all the functions on our website to their full extent.

7.2 Google reCAPTCHA

7.2.1 Description, purpose and scope of data processing

Google reCAPTCHA is a service for security checks and primarily serves to determine whether entries are made by natural persons or in an abusive fashion by means of machine and automated processing.
It is necessary to send the IP address of the user and potentially additional data required by Google for the reCAPTCHA service to Google in order to use the reCAPTCHA service.

You can find more details about the Google reCAPTCHA terms of use and privacy policy at:
https://policies.google.com/privacy?hl=en
https://policies.google.com/terms?hl=en

7.2.2 Legal basis for data processing

We also have a legitimate interest within the meaning of Article 6(1f) GDPR in processing IP addresses to ensure that our website remains secure and to protect the service we provide against automated spying, misuse and spam.

7.3 Provision of videos via YouTube

7.3.1 Description and scope of data processing

If you visit one of our web pages that contains videos embedded using the YouTube plug-in, this establishes a connection with YouTube servers. This allows the YouTube servers to obtain information about your visit to our website.
YouTube cookies may also be stored on your device. These cookies enable YouTube to obtain information about visitors to our website. This information is used, among other purposes, to collect video statistics, improve user-friendliness and prevent fraud attempts.
If you are logged into your YouTube account while visiting our website, it is possible for YouTube to match your browsing behavior to your personal profile directly. The use of the YouTube plug-in, such as clicking the start button on a video, is also linked to your user account.

7.3.2 Legal basis for data processing

The use of YouTube enables us to present our online content and services in an appealing way. This constitutes a legitimate interest in accordance with Article 6(1f) GDPR.

7.3.3 Purpose of data processing

We use the YouTube platform to upload our own videos and allow visitors to our website to access them.

7.3.4 Storage period/objections and remedies

The cookies used by YouTube remain on your device until you delete them.

8 User feedback

8.1 Description and scope of data processing

We use services provided by Hotjar on our website in order to better understand the needs of our users and optimize our service on our website. The services are provided by Hotjar Limited (Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta).
We use a Hotjar plug-in to offer visitors to our website the opportunity to quickly send us feedback on the content we provide. The Hotjar plug-in offers users a rating scale from “good” to “bad”, where the user has the option of adding a comment.

The plug-in also transmits the following data to Hotjar:

  • IP address (collected and stored in pseudonymized form)
  • Geolocation at the national level based on the IP address
  • URL of the website
  • The browser type and version
  • Screen resolution setting and time zone on the device

8.2 Opt-out

You can object to Hotjar’s storage of data and information relating to your visit to our website, and to Hotjar placing tracking cookies on your device, by using the following opt-out link:

https://www.hotjar.com/legal/compliance/opt-out

8.3 Legal basis for data processing

We have a legitimate interest within the meaning of Article 6(1f) GDPR in providing users of our website with the option to actively submit feedback on their experiences with our website, both in order to respond to the needs of our customers and to improve and continue to develop the technology and content on our website within the context of our PDCA process.

8.4 Purpose of data processing

User feedback is gathered, pseudonymized or anonymized, processed and made available to us via a Hotjar plug-in.
Neither we nor Hotjar use the information to identify individual users or combine the information with other data relating to individual users. More information can be found in Hotjar’s privacy policy at https://www.hotjar.com/legal/policies/privacy.

8.5 Storage period/objections and remedies

Personal data transmitted to Hotjar is erased by Hotjar immediately after processing.

10 Geolocation service

10.1 Description and scope of data processing

We use the ipstack.com service, operated by apilayer GmbH (Hoerlgasse 12/4, 1090 Vienna, Austria) for geolocation services.

When you request our website, the ipstack.com service is used to determine the two-character country code for the country you are probably located in on the basis of your IP address.

Additional information on the purpose and scope of data collection and processing by ipstack.com can be found in the provider’s privacy policy at https://ipstack.com/privacy.

10.2 Legal basis for data processing

The geolocation service provided by ipstack.com is used for the purpose of displaying our online services in a way that appeals to specific national audiences and in the national language of the visitor. This constitutes a legitimate interest within the meaning of Article 6(1f) GDPR.

10.3 Purpose of data processing

We use the geolocation service provided by ipstack.com for the purpose of displaying our online services in a way that appeals to specific national audiences and in the national language of the visitor.

10.4 Storage period/objections and remedies

Deufol does not store any personal data as part of this processing.

13 Rights of the data subject

Where personal data that relates to you is processed, this makes you a data subject within the meaning of the GDPR and you have the following rights with regard to the Controller:

13.1 Right of access by the data subject

You can obtain from the Controller confirmation as to whether or not personal data that concerns you is being processed by us.
Where such processing takes place, you can obtain the following information from the Controller:

(1) The purposes for which the personal data is processed;

(2) The categories of personal data that are processed;

(3) The recipients or categories of recipient to whom the personal data relating to you has been or will be disclosed;

(4) The envisaged period for which the personal data relating to you will be stored, or, if specifics cannot be provided, the criteria used to determine the storage period;

(5) The right to request from the Controller rectification or erasure of personal data relating to you or restriction of processing of personal data or to object to such processing;

(6) The right to lodge a complaint with a supervisory authority;

(7) Where the personal data is not collected from the data subject, any available information as to its source;

(8) The right to automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and, at least in those cases,
meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether personal data relating to you is transferred to a third country or to an international organization. In this context, you can request information about the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

13.2 Right to rectification

If the processed personal data relating to you is inaccurate or incomplete, you have the right to have it rectified and/or completed by the Controller. The Controller must rectify such data without undue delay.

13.3 Right to restriction of processing

You have the right to request restriction of processing of the personal data relating to you under one or more of the following conditions:

(1) If you contest the accuracy of the personal data relating to you, for a period enabling the Controller to verify the accuracy of the personal data;

(2) The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;

(3) The Controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defense of legal claims; or

(4) You have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the Controller override yours.

Where processing of personal data relating to you has been restricted, such personal data will, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If you have obtained restriction of processing pursuant to the conditions outlined above, you will be informed by the Controller before the restriction of processing is lifted.

13.4 Right to erasure

Erasure obligation

You have the right to obtain from the Controller the erasure of personal data relating to you without undue delay and the Controller has the obligation to erase personal data without undue delay where one of the following grounds applies:

(1) The personal data relating to you is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

(2) You withdraw consent on which the processing is based according to Article 6(1a), or Article 9(2a) GDPR, and where there is no other legal ground for the processing;

(3) You object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR;

(4) The personal data relating to you was unlawfully processed;

(5) The personal data relating to you has to be erased for compliance with a legal obligation in Union or Member State law to which the Controller is subject;

(6) The personal data has been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

Information to third parties

Where the Controller has made the personal data relating to you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you as the data subject have requested the erasure of any links to, or copies or replications of, this personal data.


Exceptions

The right to erasure does not apply if processing is necessary:

(1) For exercising the right of freedom of expression and information;

(2) For compliance with a legal obligation which requires processing by Union or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

(3) For reasons of public interest in the area of public health in accordance with Article 9(2h) and (2i) as well as Article 9(3) GDPR;

(4) For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR provided the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or

(5) For the establishment, exercise or defense of legal claims.

13.5 Right to notification

If you have exercised your right to rectification or erasure of personal data relating to you or restriction of processing vis-à-vis the Controller, the Controller undertakes to communicate this rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort.
You also have the right to information from the Controller about those recipients.

13.6 Right to data portability

You have the right to receive the personal data relating to you, which you have provided to the Controller, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the Controller to which the personal data has been provided, where

(1) the processing is based on consent pursuant to Article 6(1a) or Article 9(2a) GDPR or on a contract pursuant to Article 6(1b) GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data relating to you transmitted directly from one controller to another, where technically feasible. This right must not adversely affect the rights and freedoms of others.
This right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

13.7 Right to withdraw consent and object to processing

You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

You also have the right to object to processing if the conditions of Article 21 GDPR are met.

13.8 Exercise of rights under Items 13.1 to 13.7

If you wish to exercise your rights in accordance with Items 13.1 to 13.7, you may contact us informally using the contact details indicated above under Items 2 and 3.

13.9 Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.