Privacy at a glance

Privacy policy

Data protection is important to us and we take it very seriously. We rely on a trusting cooperation with you and endeavour to satisfy you in every respect – this naturally also applies to the handling of your personal data. With this privacy policy, we would like to inform you about how your personal data is processed. Therefore, please take note of the following information. Our privacy policy supplements the terms of use of the D&TS websites.

In the course of the further development of our website and the implementation of new legal requirements, new technologies or in order to improve our service for you, changes to this data protection declaration may become necessary. We therefore recommend that you read this privacy policy again from time to time.

Privacy policy

Data protection information for the processing of personal data in connection with consulting and sales measures in the industry in accordance with Art. 13 GDPR

We are pleased to inform you in accordance with the European General Data Protection Regulation (GDPR) about the manner and purpose of the processing of personal data within D&TS GmbH in Schwelm.

Controller in the sense of data protection law

D&TS GmbH

Wilhelmstrasse 41-43

D-58332 Schwelm

Phone: +49 (0) 2336 42828-0

E-mail: datenschutz@dundts.com

Represented by its managing director: Mr Paulo Ferreira

Data Protection Officer

D&TS GmbH

Wilhelmstrasse 41-43

D-58332 Schwelm

Phone: +49 (0) 2336 42828-0

E-mail: datenschutz@dundts.com

Represented by its managing director: Mr Paulo Ferreira

The processing of personal data

Unless listed separately, we process personal data for the purposes listed below.

General information on the processing of personal data

This Privacy Policy applies to data, including personal data, that D&TS collects about you. Personal data is data or a combination of individual data that can be used to identify you. We process your personal data in compliance with the data protection laws of the Federal Republic of Germany and the European General Data Protection Regulation (“GDPR”). Under no circumstances will we pass on your personal data to third parties outside D&TS for advertising or marketing purposes without your consent.

As an international company, we use external service providers. Insofar as the data processed is personal data, contractual agreements and organisational measures have been taken in accordance with applicable law to ensure the security of your data. Our external service providers are bound by our instructions and are regularly monitored.

In our company, compliance with the statutory provisions and this declaration is monitored by our data protection officer/the managing director. Our employees have been trained in the handling of personal data and have been obliged in writing to comply with data protection regulations.

The use of our website is generally possible without providing personal data. If personal data (e.g. name, address or e-mail addresses) is collected on our website, this is always done on a voluntary basis as far as possible.

We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. We try to protect your data from unauthorised access by third parties by taking precautions such as pseudonymisation, data economy, observing deletion periods and taking into account the current state of the art. Despite these protective measures, however, we cannot completely rule out unauthorised processing by third parties.

Data processing for access from the Internet

When you visit our website, our web servers temporarily store every access in a log file. The following data is recorded and processed until it is automatically deleted:

• Anonymised IP address of the requesting computer
• Date and time of access
• Time zone difference to Greenwich Mean Time (GMT)
• Access status/http status code
• Amount of data transferred in each case
• Operating system and its interface
• Recognition data of the browser and operating system used
• Language and version of the browser software
• Name and URL of the retrieved data, content of the request
• Message whether the call was successful
• Website from which the access is made
• Name of your
  Internet access provider

When using this website for purely informational purposes, D&TS only collects the personal data that is technically necessary for the display, use of the website (connection setup), system security, system stability, technical administration of the network infrastructure and optimisation of the website. The legal basis is a legitimate interest of D&TS (Art. 6 para. 1 sentence 1 lit. f GDPR).

You have the option to object to this data processing. If you object to the use of the data, we would like to point out that you may only be able to use our services to a limited extent.

This personal data will not be processed beyond the cases mentioned above unless you expressly consent to further processing (further information can be found in this privacy policy under “Consent”).

Purpose of data processing

In accordance with the principle of data avoidance and data minimisation of the General Data Protection Regulation, we only process personal data on our website if this is either necessary for the purpose you have requested, if we are obliged to do so due to legal regulations or a contract, if we have a legitimate interest and/or if you provide it to us voluntarily.

When entering personal or business data (e.g. e-mail address, name, address), the disclosure of your data is expressly voluntary.

We process your contact, business and business-relevant data on the basis of legal regulations within the framework of the existing or prospective business relationship. In addition, by entering the data, you consent to the data entered being processed for the legitimised purpose or for the purpose specified by you. The data you provide will only be processed by us for as long as the purpose requires and will be deleted after fulfilment of the purpose or after expiry of the respective retention periods. Your data will not be processed for any other purpose. If you object to the processing of your data, we would like to point out that you may only be able to use our services to a limited extent. In order to provide you with a comprehensive range of services, your data will be transmitted and used within the framework of D&TS.

The following are ways in which we can use the data:

Due to legal regulations:

• Enforcement of our General Terms and Conditions
• Managing our business
• Protection against or detection of possible fraudulent transactions

Due to contractual purposes:

• Payment processing for purchases and other services
• Processing of your application documents

Due to our legitimate interest:

• Determining the effectiveness of our advertising
• Development of new products and services
• Analysing the use of our products, services and websites
• Knowledge of how you reached our website
• Stability and security of the presentation of websites

Consent

Your consent to the processing can be revoked at any time with effect for the future. Your consent to the processing of your personal data may be required in various cases:

• Receipt of newsletters (further information under point 17)
• Dispatch of samples, rewards, products and information
• Registration for competitions, programmes or offers at your request
• Delivery of other services that we have offered you
• Surveys on our website
• Development and provision of advertising that is customised to your interests
• Contact via contact form (further information under point 15)

Storage duration

Your data will only be stored by D&TS for as long as it is required for specific purposes. Consequently, your data will be deleted by D&TS when:

• The corresponding legal basis for the processing of your data no longer exists,
• The purpose of processing your data no longer exists,
• you withdraw your consent to the processing of your data,
• A legal obligation makes the deletion necessary, or
• you have objected to the processing of your personal data,

unless there are statutory retention periods. D&TS may only delete your data once these periods have expired. Data whose deletion represents a disproportionate effort is exempt from deletion. In such a case, D&TS has a legitimate interest in storing your data in accordance with Art. 6 para. 1 lit. f GDPR.

Product data processing and confidentiality

We receive product data masters from our customers, which we structure and classify in accordance with the applicable data protection regulations, in particular according to ECLASS. This data is used to fulfil our services and, if necessary, to create product databases for third parties. We would like to emphasise that this product data is publicly accessible and non-critical information, as it relates to products from component manufacturers. We therefore do not consider it to be critical in terms of privacy or confidentiality. We would like to expressly point out that we consider CAD models, parts lists or data classified as confidential, in particular those of machine or plant manufacturers, to be secret and do not pass them on unless authorised in writing, e.g. for the sale of spare parts. By using our services, you agree that we may process this data in accordance with the conditions described here.

Automated decision making

In principle, we do not use fully automated decision-making in accordance with Art. 22 GDPR to establish and conduct the business relationship. Should we use these procedures in individual cases, we will inform you of this separately if this is required by law.

We process your data partially automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling for the targeted provision of products of interest to you.

Obligation to provide personal data

As part of our business relationship, you must provide the personal data that is required for the establishment and implementation of the respective business relationship and the fulfilment of the associated contractual obligations or that we are legally obliged to collect. Without this data, we will generally not be able to enter into the business relationship with you and fulfil the resulting obligations.

Links

The website may contain links to third-party websites over whose content D&TS has no influence. After clicking on a link, you leave the area of responsibility of D&TS. The processing of your data is then no longer within the sphere of influence of D&TS.

Protection of minors

As a rule, children and persons under the age of 18 do not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and we ensure that we do not knowingly collect personal data from children, use it in any way or disclose it to third parties without authorisation.

Transmission of data via the Internet

The Internet is a globally open platform. Due to the inherent operating mode of the Internet and the system-related risks, all data transmissions initiated by you are at your own risk. For your security, we offer our services exclusively via encrypted transmission channels.

Data transfer to third countries (non-EU countries)

We only transfer your data to countries outside the European Union/European Economic Area (third countries) if

• it is necessary for the execution of your orders,
• it is required by law or
• you have given us your consent.

If we transfer your data to a third country or to an international organisation, this is always done in accordance with the provisions of the GDPR. Furthermore, in accordance with the principle of data minimisation, we only transfer data that is limited to the necessary minimum.

In some cases, we use service providers whose registered office, parent company or subcontractor is based in a third country. Your data will only be transferred if the European Commission has decided that an adequate level of protection exists in a third country (Art. 45 GDPR), suitable guarantees are provided (e.g. standard contractual clauses issued by the European Commission) and enforceable rights and effective legal remedies are available to you as a data subject. We have contractually regulated compliance with the European General Data Protection Regulation and its requirements with the service providers.

Use of cookies

We use so-called cookies on our website. Cookies are small text files that are stored on your computer and saved by your browser. They do not cause any damage to your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Some cookies (so-called “functional cookies”, e.g. for language settings and ordering processes) are those that are absolutely necessary to ensure essential functions of the website. Without these, the website cannot be used as intended.

A distinction must be made between two types of cookie:

Transient cookies: Most of the cookies we use are so-called “transient cookies”, in particular “session cookies”. They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognise your browser the next time you visit our website within the same session.

Persistent cookies: Other cookies, so-called “persistent cookies”, are automatically deleted from your end device after a specified period of time (varies depending on the type of cookie).

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you reject the use of cookies (a possible setting in your browser), the use of our website is still possible (possibly with restrictions). You can find more information about the third-party tools we use and detailed cookie information about them in our “Cookie Settings” in the footer of this website (you can see them if you scroll to the bottom of this page). In the cookie settings you can also edit your personal settings regarding the storage of cookies.

Safety measures

We have taken extensive precautions to protect the security of your data. The data you transmit to us, e.g. in HTML pages (contact forms), is transmitted to D&TS in encrypted form (SSL – Secure Socket Layer) via the public data network and processed.

This site uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the party responsible for operating the site. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

Disclosure of data to third parties

Your personal data will not be passed on to third parties (outside D&TS and affiliated companies) unless you have given us your prior consent to do so. Excluded from this is the transfer to service providers, such as parcel service providers or forwarding agents, insofar as the transfer is necessary for order processing or delivery of the goods.

In addition, other service providers are involved in contract initiation and contract processing, such as IT service providers or the hosting service provider for the website. These companies work for D&TS within the framework of so-called order processing and may only use the personal data in accordance with our instructions. D&TS has contractually committed these service providers to the German level of data protection and monitors them.

Also excluded is the transmission of data for order processing or delivery of goods or services or for accounting and billing purposes within D&TS. Data may be stored in the cloud application salesforce.com, Inc. The Landmark @ One Market Street, Suite 300, San Francisco, CA 94105, USA (“Salesforce”) for transfer purposes. Beyond this, no data will be transferred to third parties without your consent.

In all these cases, the transmission is carried out in accordance with the applicable national and European data protection regulations; the scope of the transmitted data is limited to the necessary minimum.

Newsletter

If you register for a newsletter, you consent to the processing of your name and e-mail address as well as information that allows us to verify that you are the owner of the e-mail address provided. You also confirm that you agree to receive the newsletter.

Your address is also required for postal dispatch. Your data will be processed exclusively for the requested newsletter; your data will not be used for any other purpose. We will also not pass on your data to third parties. By sending you a registration e-mail with a confirmation link, our registration system ensures that you actually wish to receive the selected newsletter (so-called double opt-in procedure). You can revoke your consent to the processing of your data and e-mail address and their use for sending the newsletter at any time, for example by clicking on the “Unsubscribe” link in the newsletter.

If you order the newsletter via our contact form, we process your enquiry in our newsletter programme and our proprietary CRM tool.

1. newsletter dispatch via Brevo

We use the services of Brevo (formerly Sendinblue / Newsletter2go) to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo (formerly Sendinblue) is a service that can be used to organise and analyse the sending of newsletters, among other things. If you enter data for the purpose of subscribing to the newsletter (e.g. email address), this data is stored on the Brevo (formerly Sendiblue) servers in Europe.

Brevo (formerly Sendinblue) is ISO 27001:2013 certified. Further information can be found in the privacy policy of Brevo (formerly Sendinblue): https://www.brevo.com/de/legal/privacypolicy/ and in the data security declaration: https://www.brevo.com/de/sicherheit/

2. conclusion of a contract for order processing

We have concluded an order processing contract with Brevo (formerly Sendinblue /Newsletter2go) and fully implement the strict requirements of the German data protection authorities when using Brevo (formerly Sendinblue /Newsletter2go).

Whitepaper

If you register for the provision of free information (e.g. download of a white paper, participation in a webinar/event), you consent to the processing of your name and e-mail address as well as information that allows us to verify that you are the owner of the e-mail address provided. You also confirm that you consent to the use of your data for marketing purposes in return for providing this information. For this purpose, we process your enquiry in our proprietary CRM tool.

Your data will be processed exclusively for the provision of information and for marketing purposes; your data will not be used for any other purpose. We will also not pass on your data to third parties. Our registration system ensures that you actually wish to access this information by sending you an activation e-mail with a confirmation link or by your participation after the registration confirmation.

You can revoke your consent to the processing of the data, the e-mail address and its use for sending the newsletter/marketing e-mails or for contacting you at any time.

If you order the whitepaper via our contact form, we will process your enquiry in our proprietary CRM tool (see more on this under point 15).

Friendly Captcha

To protect input forms on our website from spam and misuse, we use the “Friendly Captcha” service from Friendly Captcha GmbH (Germany). By using this service, it is possible to distinguish whether the corresponding input is of human origin or has been misused by automated machine processing.

The tool prevents automated and abusive requests by so-called “bots”. As part of this process, your IP address is recorded by Friendly Captcha in order to send a cryptographic task to your end device. This task is solved in the background and as soon as it is solved, Friendly Captcha confirms to the server that this is a natural person.

Friendly Captcha processes and stores the following data in this regard:

• IP address of the requesting computer (anonymised via one-way hashing)
• Information about the browser and operating system used
• Anonymised counter per IP address to control the cryptographic tasks
• Website from which the access took place (referrer URL)

Further information on data processing can be found on the Friendly Captcha website: https://friendlycaptcha.com/de/legal/privacy-end-users/

LinkedIn Insight Conversion Tracking

We use the LinkedIn Insight Conversion Tool from LinkedIn Inc (USA), which allows us to obtain information about the use of our website and to present you with advertising content on other websites that is tailored to your interests. For this purpose, a cookie with a validity of 120 days is set in your browser, which enables LinkedIn to recognise you when you visit a website. LinkedIn uses this data to create anonymous reports for us on advertising activities and information on how you interact with our website.

You can deactivate the LinkedIn Insight Conversion Tool and interest-based advertising by opting out at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

Further information on data protection at LinkedIn can be found here: https://www.linkedin.com/legal/privacy-policy#choices-oblig

Google Ads & Conversion Tracking

To draw attention to our products, we place Google Ads adverts and use “Google Conversion Tracking”, a service provided by Google Inc (USA). These adverts are displayed after search queries on websites in the Google advertising network. We have the option of combining our adverts with specific search terms. With the help of cookies, we can display adverts based on users’ previous visits to our website.

When you click on an advert, Google places a cookie on the user’s computer. Further information on the cookie technology used can also be found in Google’s notes on website statistics and in the privacy policy.

With the help of this technology, Google and we receive information that users have clicked on an advert and have been redirected to our websites. The information obtained in this way is used exclusively for statistical analysis to optimise advertising. We do not receive any information with which visitors can be personally identified. The statistics provided to us by Google include the total number of users who clicked on one of our adverts and, if applicable, whether they were redirected to a page on our website with a conversion tag. Based on these statistics, we can see which search terms were clicked on particularly often and which adverts led to contact being made via the contact form.

If you do not want this, you can prevent the cookies required for these technologies from being saved, for example via your browser settings. In this case, your visit will not be included in the usage statistics.

You also have the option of selecting the types of Google ads or deactivating interest-based ads on Google via the ad settings. Alternatively, you can deactivate the use of cookies by third-party providers by calling up the deactivation help of the Network Advertising Initiative. See: http://www.networkadvertising.org/choices/ and http://www.youronlinechoices.com/

However, we and Google continue to receive statistical information about how many users have visited this site and when. If you do not wish to be included in these statistics either, you can prevent this by using additional programmes for your browser (e.g. the Ghostery add-on).

Social media

D&TS operates its own pages on various social networks to enable an exchange with interested users or customers and to inform them about the D&TS product portfolio. D&TS does not process any usage data in social networks itself and can only evaluate and use the anonymised data from LinkedIn, for example. This may result in the transfer of usage data to countries outside the European Union. Furthermore, the usage data collected is processed for marketing purposes, for example to define target groups and then display targeted advertising material to them on the respective social media platform. To make this possible, cookies are often stored by the social network/the respective provider of the social network, which contain the online behaviour, interests or similar of the users.

Usage profiles on the respective platforms may also contain data that is stored independently of the end device. The legal basis for this type of data processing is the legitimate interest of D&TS in functional and stable communication with users via the respective online presence.

The social media providers may ask you for your consent to the respective data processing. In this case, the legal basis for the data processing would be precisely this consent. As the data subject of the data processing, you can assert various rights against the controller (more information under point 25). Please note, however, that the best way to exercise these data subject rights is to assert them directly with the platform provider. As a rule, only the platform providers have direct access to the processed data and are the only ones who can take appropriate measures. We are of course at your disposal if you have any further questions in this regard.

In order to provide you with as much relevant information as possible regarding data processing in social networks, we also refer you to the data protection notices or data protection declarations of the individual platform providers:

• Xing: https://privacy.xing.com/de/datenschutzerklaerung
• Linked-In: https://www.linkedin.com/legal/privacy-policy
• Youtube: https://policies.google.com/privacy

(Social media) plugins

Third-party content may be used within the D&TS website (so-called plugins). These may take the form of YouTube videos, RSS feeds or graphics from other sites or social media buttons, such as the Facebook share button.

If you are on a D&TS website on which third-party content is integrated, a connection may be established with the respective social network. This allows the content of the buttons to be transmitted to your browser and integrated into the website. This means that the respective provider always receives the information that you have accessed the D&TS website. It is irrelevant whether you are a member of a social network or not logged into one. Furthermore, regardless of whether you actually interact with the integrated content, information is automatically collected by the social network. The following data may be transmitted: IP address, browser information and operating systems, screen resolution, installed browser plugins (e.g. Adobe Flash Player), origin of the visitor (if you have followed a link) and the URL of the current page.

If you are logged in to one of the social networks while using the D&TS website, the information about your visit to the website may be linked to your membership data and stored. If you are a member of a social network and do not wish this data to be transferred, you must log out of the social network before visiting the D&TS website.

D&TS has no influence on the scope of the data collected by the social networks. The type, scope and purpose of data processing, information on the further processing of the data and your rights and settings options for protecting your privacy in this regard can be found in the privacy policies of the respective social networks. You also have the option of blocking social media plugins with add-ons in your browser and thus preventing data transmission.

LinkedIn plugin

Our website uses functions of the LinkedIn network. The provider is LinkedIn Inc (USA). Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click on the LinkedIn “Recommend” button and are logged into your LinkedIn account, LinkedIn is able to associate your visit to our website with you and your user account. We would like to point out that, as the provider of the pages, we have no knowledge of the content of the transmitted data or its use by LinkedIn.

Further information on this can be found in LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

XING Plugin

Our website uses functions of the XING network. The provider is XING AG (Germany). Each time one of our pages containing XING functions is accessed, a connection to XING servers is established. To the best of our knowledge, no personal data is processed in the process. In particular, no IP addresses are stored and usage behaviour is not evaluated.

Further information on data protection and the XING Share button can be found in XING’s privacy policy at https://www.xing.com/app/share?op=data_protection.

YouTube plugin

Our website uses plugins from the YouTube site operated by Google. The operator of the pages is YouTube LLC (USA). When you visit one of our pages equipped with a YouTube plugin, a connection to the YouTube servers is established. The YouTube server is informed which of our pages you have visited.

If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Further information on the handling of user data can be found in YouTube’s privacy policy at: https://www.google.de/intl/de/policies/privacy.

Google Maps

We integrate Google Maps from the service provider Google LLC (USA) on our website in order to display interactive maps directly on the website and to enable convenient use of the map function. In order to use these services, the IP address of the user is transmitted to Google. The IP address is required to display this content, but is only used to deliver the content. Your location data will not be collected by Google without your consent (usually as part of your device settings).

You can access Google’s privacy policy below: https://policies.google.com/privacy

LinkedIn Lead Gen Forms and Facebook Lead Adsexpand_more

D&TS uses the “Lead Gen Forms” ad format on LinkedIn. This format involves forms that have already been partially pre-filled with LinkedIn profile data, with which users can register for a D&TS event, for example, or request to be contacted, depending on the content of the form. Users who have completed and submitted such a form on LinkedIn or Facebook are considered data subjects and can assert various rights against the data controllers. As the form can only be sent if the user consents to the data processing, the legal basis is the consent of this person.

Your rights as a data subject

You have the right to at any time:

• Free information about your stored personal data, its origin and recipients and the purpose of the data processing,
• Correction of data,
• Blocking of ,
• Deletion of data,
• The receipt of your data in a structured, commonly used and machine-readable format (right to data portability),
• Revocation of your consent to the processing of your personal data,
• Complaint to the competent supervisory authority

Objection to processing based on legitimate interest

You also have the right to object to the processing of your personal data at any time if this is carried out by D&TS on the basis of a legitimate interest (pursuant to Art. 6 para. 1 lit. f GDPR). As a result, the processing of your data will be stopped unless D&TS can justify a continuation of the processing due to legal requirements or interests worthy of protection. This is the case, for example, if data is still required in order to be able to enforce legal claims.

Objection to processing for the purpose of direct marketing

You can object to the processing of your personal data for advertising and data analysis purposes at any time (“objection to advertising”). Upon request, we will inform you in writing in accordance with the applicable law whether and which personal data we process about you.

Your contact person in data protection matters

If you have any questions regarding the processing of your personal data, you can contact our data protection officer and his team directly, who are also available in cases of requests for information, applications or complaints:

D&TS GmbH

Wilhelmstrasse 41-43

D-58332 Schwelm

Phone: +49 (0) 2336 42828-0

E-mail: datenschutz@dundts.com

Represented by its managing director: Mr Paulo Ferreira

If you wish to exercise your right to lodge a complaint with the competent supervisory authority, please contact the following address:

The State Commissioner for Data Protection of North Rhine-Westphalia

Kavalleriestraße 2-4

40213 Düsseldorf

Status March 2024