Name and address of the person responsible
The controller is the body which alone – or jointly with others – determines the purposes and means of the processing of personal data. The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is the:
DDM GmbH & Co. KG
Personally liable partner: Peter Arbes Verwaltungs GmbH, represented by the managing director
Peter Arbes
Marie-Curie-Str. 8
36039 Fulda
Phone: +49 661 967 962-0
E-mail: info@ddm-sensors.de
I. General information on data processing
1. scope of the processing of personal data
The controller collects and uses the personal data of its users (hereinafter also referred to as “data subject”, “person concerned” or “visitor”) only insofar as this is necessary to provide a functional website and to display the content and services. The collection and processing of users’ personal data for other purposes only takes place regularly with the user’s consent. An exception applies in cases where it is not possible to obtain prior consent for factual reasons, the processing is based on pre-contractual or contractual measures, the processing of the data is permitted by law and/or the controller has a legitimate interest in the processing.
Your personal data is generally collected directly from you, e.g. when you contact us, consent to services on this website or use forms on this website. In addition, technical data that is absolutely necessary for the operation of the site is automatically collected when you enter the site.
2. legal basis for the processing of personal data
Insofar as the controller obtains the consent of the data subject for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. If special categories of data are processed in accordance with Art. 9 para. 1 GDPR, Art. 9 para. 2 lit. a GDPR serves as the legal basis. For any transfer to a non-secure third country, processing is carried out on the basis of Art. 49 para. 1 sentence 1 lit. a GDPR. If you have consented to the storage of cookies or access to information in your end device, the data processing is also carried out on the basis of Section 25 (1) TDDDG.
When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 sentence 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. If the person is the contact person of a (potential) business partner (customer, supplier, partner), the legal basis for (pre-)contractual measures is Art. 6 para. 1 sentence 1 lit. f GDPR.
Insofar as the processing of personal data is necessary to fulfill a legal obligation to which the controller is subject, Art. 6 para. 1 sentence 1 lit. c GDPR serves as the legal basis.
In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 sentence 1 lit. d GDPR serves as the legal basis.
If the processing is necessary to safeguard a legitimate interest of the controller or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 sentence 1 lit. f GDPR serves as the legal basis for the processing.
3. data erasure and duration of processing
If no exact storage period has been specified in this data protection information, the personal data of our website visitors will remain with us until the purpose for data processing no longer applies. The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply or consent given by the data subject is withdrawn or processing is objected to. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.
4. data transfer to a third country or an international organization
The European General Data Protection Regulation (GDPR) requires that the transfer of personal data that is already being processed or is to be processed after its transfer to a third country or an international organization is only permitted if a level of data protection comparable to the requirements of the GDPR is guaranteed. In other words, if it is ensured that the provisions of the GDPR are complied with – this may include, for example, the existence of an adequacy decision by the EU Commission within the meaning of Art. 45 para. 1, 3 GDPR or the introduction of internal company data protection regulations approved by a supervisory authority (so-called “appropriate safeguards”, Art. 46 para. 2, 3 GDPR). If there is no level of data protection comparable to the requirements of the GDPR, there may be risks associated with processing in a third country.
Risks of a transfer to a non-secure third country: Personal data could possibly be passed on by the provider to other third parties beyond the actual purpose of fulfilling the order, who could use the data for advertising purposes, for example. In addition, it is probably not possible to effectively enforce any data subject rights against the provider. There may be a higher probability that incorrect data processing may occur, as the provider’s technical and organizational measures for the protection of personal data do not fully meet the requirements of the GDPR in terms of quantity and quality. It is also possible for government agencies to access the personal data provided without the data subject being aware of this. In principle, this also corresponds to the European legal regulations, e.g. for the purpose of averting danger. However, the admissibility threshold for such data processing is higher in the European Union than in the country of the data recipient concerned. In summary, there is no level of data protection comparable to the requirements of the GDPR in non-secure third countries.
Among other things, we use tools on our website from providers whose headquarters or the headquarters of the parent company (or its affiliates) are located in a third country from a data protection perspective. We also transfer data to the USA. The transfer of data to the USA is permitted if the recipient is certified under the “EU-US Data Privacy Framework” (DPF) or has suitable additional guarantees. The DPF is an (individual) agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Every DPF-certified company undertakes to comply with these data protection standards. The list of certified companies can be found at: https://www.dataprivacyframework.gov/list. There you can search for the provider name and view the certification directly. If data is transmitted to a provider that is certified in accordance with the DPF, you will find a separate note from the respective service provider.
In addition, tools from other providers from third countries and US providers that are not certified in accordance with the EU-US Data Privacy Framework (DPF) may also be used on our website. The transfer and processing of personal data of data subjects in connection with these tools takes place under the conditions of Art. 49 para. 1 sentence 1 lit. a GDPR – on the basis of consent given by the data subject. If data is transferred on the basis of consent to a provider whose processing takes place in a non-secure third country, a separate notice will be provided by the respective service provider.
5. necessity of the provision of personal data
The provision of your personal data is not required by law or contract. There is no obligation to provide it. However, failure to provide it may mean that you are unable to use functions, services, forms and other processing on our website. We recommend that you only provide the personal data that is required, for example, to process your request, to carry out your desired offer and to use the functions we offer. If the provision of your personal data is required by law or contract, we will inform you of this by means of a separate note on the respective processing in this data protection information.
The collection of technical data (and possibly the collection of your IP address as personal data) for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website and takes place automatically when you enter this website. If you do not wish this to happen, you must leave this page.
II. Rights of the data subject
If we process your personal data, you as the data subject have the following rights vis-à-vis us as the controller:
1. right to information, Art. 15 GDPR
Within the framework of the applicable legal provisions, you have the right to (free) information about your collected and stored personal data at any time. This also includes information about the purposes of processing, its origin and recipients, the storage period and the existence of various rights.
2. right to rectification, Art. 16 GDPR
You have a right to rectification (also in the sense of completion) of your data vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete for the purpose of processing. The controller must make the correction without delay.
3. right to erasure, Art. 17 GDPR
You can request the deletion of your personal data at any time under the conditions of Art. 17 GDPR, unless there are still circumstances that entitle or oblige the controller to continue processing your personal data (such as statutory retention obligations).
4. right to restriction of processing, Art. 18 GDPR
If the legal requirements are met, you can request a restriction on the processing of your personal data within the scope of Art. 18 GDPR.
5. right to information, Art. 19 GDPR
If your personal data has been processed by recipients to whom the controller has disclosed the data, the controller is obliged to inform them of your requests for rectification, erasure or restriction of processing, unless this proves impossible or involves a disproportionate effort. You can request that the controller inform you about these recipients.
6. right to data portability, Art. 20 GDPR
If you have provided us with personal data and automated processing is carried out on the basis of your consent or on the basis of a contract, you have the right to transfer the data provided by you within the scope of Art. 20 GDPR, provided that this does not adversely affect the rights and freedoms of other persons. The data will be provided in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
7. right to object, Art. 21 GDPR
You have the right to object to the processing of your data at any time, provided that the processing is carried out on the basis of a balancing of interests. This is the case if the controller relies on the public interest or its legitimate interest for processing (see Art. 6 para. 1 sentence 1 lit. e and f). The prerequisite is that you assert reasons arising from your particular situation which outweigh the interests of the controller. The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
Art. 21 para. 2 GDPR contains a special, deviating regulation if the personal data concerning you is used for direct marketing, in which case you have the right to object to the processing of personal data concerning you at any time without further requirements. The personal data concerning you will no longer be processed for the purpose of direct marketing. If profiling is associated with direct advertising, you can also object to this.
In connection with the use of information society services, you have the option of exercising your right to object by means of automated procedures that use technical specifications.
8. automated decision in individual cases, Art. 22 GDPR
In accordance with Art. 22 GDPR, you have the right that decisions which produce legal effects concerning you or similarly affect you are not based solely on automated processing, including profiling. Exceptions may exist if appropriate measures for the protection of your person are guaranteed and there are necessary contractual regulations or a legal provision or you have expressly consented.
9. right to withdraw your consent, Art. 7 para. 3 GDPR
You have the right to revoke your declaration of consent under data protection law at any time. The legality of the data processing carried out until the revocation remains unaffected by the revocation. You can send the revocation by e-mail or by post to the controller.
10. right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority for data protection, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.
The supervisory authority responsible for us is the Hessian Commissioner for Data Protection and Freedom of Information. If you are in another federal state or not in Germany, you can also contact the data protection authority there.
III. SSL/TLS encryption
This website uses SSL/TLS encryption for security reasons and to protect the transmission of confidential content, such as the requests you send to us as the site operator. An encrypted connection can be recognized by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in the browser line. If SSL/TLS encryption is activated, the data you transmit to us cannot be read by third parties.
IV. External hosting
1. description and scope of data processing
This website is hosted by an external service provider (so-called hoster). The personal data collected on this website is stored on the hoster’s servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact details, names, page views and other data generated via a website.
2. legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR for the provision of the website.
3. purpose of data processing
The hoster is used for the purpose of secure, fast and efficient provision of our online offering and the reliable presentation and provision of our website by a professional provider. Our legitimate interest lies in these purposes.
4. duration of storage, possibility of objection and removal
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
5. conclusion of a contract for order processing
In connection with the data processing described above, the data is forwarded and processed by our external host: Weber-DV EDV-Service GmbH, Wilhelm-Leitschuh-Str. 4, 36145 Hofbieber. We have concluded an order processing contract with our hoster. This is a contract prescribed by data protection law, which ensures that our hoster processes the personal data of our site visitors only in accordance with our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.).
V. Provision of the website and creation of log files
1. description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the system of the accessing device.
The following data is collected:
- Information about the browser type and version used (if provided by the user)
- The user’s operating system
- The number of visits to the site
- The time spent on the page
- The IP address of the user
- Date and time of access
- Internet pages from which the user’s system accesses our website (if transmitted by the user)
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user.
2. legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 sentence 1 lit. f GDPR.
3. purpose of data processing
Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
Data is stored in log files to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. The data is not analyzed for marketing purposes in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
4. duration of storage, possibility of objection and removal
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
If the data is stored in log files, this is the case after 30 days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymized so that it is no longer possible to identify the accessing end device.
The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.
VI. Use of cookies
1. description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s system. When a user accesses our website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
We use a consent management system on our website that has been specially programmed for our website. This is used to manage and store your consents and refusals and to inform you about the processing on this website. Reference is also made to this data protection information.
We use cookies to make our website more user-friendly. Some elements of our website require that the accessing browser can be identified even after a page change. In summary, these cookies are technically necessary for the operation of our website. Among other things, the following data is stored and transmitted in the cookies: Language settings, items in a shopping cart, log-in information, security settings.
In principle, you can prevent or block the storage of cookies on your end device in your browser settings. To do this, you must call up the respective settings of your browser. You can also delete your stored cookie data in your browser settings.
2. legal basis for data processing
Our consent management is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 para. 1 sentence 1 lit. c GDPR; cookies are stored on your end device on the basis of Section 25 para. 2 no. 2 TDDDG.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 sentence 1 lit. f GDPR; the storage of cookies in your terminal device is based on § 25 para. 2 no. 2 TDDDG.
3. purpose of data processing
The use of consent management and the associated processing of your personal data serves to comply with the legal requirements of the GDPR and the TDDDG for obtaining and documenting consent.
The purpose of using technically necessary cookies is to simplify the use of the website for you. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a change of website. Cookies are also required to manage your consents and refusals. We require cookies for the following applications: maintaining the session / logging into the customer account; saving the shopping cart; payment processing; adopting language settings; consent management; protecting the security of our systems.
These purposes also constitute our legitimate interest in the processing of personal data in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR. The user data collected by technically necessary cookies is not used to create user profiles.
4. duration of storage, possibility of objection and removal
Cookies are stored on the user’s computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.
The data collected via consent management is stored until you ask us to delete it, delete the associated cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected by this.
The individual cookies we use are stored for the following duration:
- Pll_language (language setting) – Storage period: 12 months
- Com4cookies_options (consent management) – Storage period: 1 month
- __stripe_mid (fraud prevention) – Storage duration: end of session 12 months
- __stripe_sid (fraud prevention) – Storage duration: end of session
- Woocommerce_items_in_cart (shopping cart storage) – Storage duration: End of session
- Wp_woocommerce_session_* (user actions) – storage duration: 2 days
- Woocommerce_cart_hash (shopping cart storage) – Storage duration: End of session
- WordPress_logged_in_* (maintaining the login) – Storage duration: End of session
- Wfwaf_authcookie_* (detection of the login) – storage duration: 12 hours
- WordPress_sec_* (security settings) – Storage duration: 15 days
VII. Contact by e-mail and/or telephone
1. description and scope of data processing
Our website and our signatures contain e-mail addresses and telephone numbers that can be used to contact us electronically and/or by telephone. In this case, the personal data of the data subject transmitted with the e-mail will be stored. If you contact us by telephone, personal data may also be stored in order to process your inquiry.
No data will be passed on to third parties in this context. The data will only be used to contact you and to conduct the conversation.
2. legal basis for data processing
The legal basis for the processing of data transmitted in the course of sending an email or during a telephone call is Art. 6 para. 1 sentence 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR; if the contact person is the contact person of a (potential) business partner (customer, supplier, partner), the legal basis for (pre-)contractual measures is Art. 6 para. 1 sentence 1 lit. f GDPR.
3. purpose of data processing
The processing of personal data serves us solely to process the contact. This also constitutes the necessary legitimate interest in the processing of the data.
4. duration of storage, possibility of objection and removal
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For personal data sent by email or transmitted by telephone, this is the case when the respective conversation with the data subject has ended. The conversation ends when it can be inferred from the circumstances that the matter in question has been conclusively clarified. If a contract is concluded as a result of the contact, the corresponding (statutory) retention obligations and regulations apply.
If a data subject contacts us by email or telephone, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
VIII. Contact forms
1. description and scope of data processing
Various contact forms are available on our website which you can use to contact us electronically. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.
General contact form
Mandatory fields: Title, surname, first name, message and other personal data that you send us via the message field in the contact form, Captcha
Optional fields: Company, telephone, newsletter registration (checkbox)
Callback form
Mandatory fields: Last name, first name, phone, captcha
Optional fields: Company
Configuration request form
Mandatory fields: E-mail address – The product and the (configuration) code are also transmitted when the form is sent.
Optional fields: Name, request and other personal data that you send us via the request field in the form.
In addition, the following data is stored when the forms are used:
- IP address of the user
- Date and time of contact
For the processing of the data, reference is made to this data protection information as part of the sending process. The data is used exclusively for processing the conversation.
Optional registration for our newsletter:
It is possible to register for our newsletter via some of the forms. Further information on our newsletter can be found in this data protection information under IX Newsletter: Registration and dispatch.
2. legal basis for data processing
The legal basis for the processing of data transmitted via the contact form is Art. 6 para. 1 sentence 1 lit. f GDPR. If the contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR; if the user is the contact person of a (potential) business partner (customer, supplier, partner), the legal basis for (pre-)contractual measures is Art. 6 para. 1 sentence 1 lit. f GDPR.
The legal basis for the processing of all other personal data processed during the sending process that is transmitted via the contact form is Art. 6 para. 1 sentence 1 lit. f GDPR.
3. purpose of data processing
The processing of the personal data from the input mask serves us solely to process the contact. The other personal data processed during the sending process is used to prevent misuse of the contact form and to ensure the security of our information technology systems. Our legitimate interest also lies in these purposes.
4. duration of storage, possibility of objection and removal
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the contact form, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.
If a user contacts us via the form, they can object to the storage of their personal data at any time. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.
IX. Newsletter: Registration and dispatch
1. description and scope of data processing
You can subscribe to a free newsletter on our website. When you register for the newsletter, the data from the input screen is transmitted to us. This involves the following data: Title, surname, first name, email address, captcha, consent given (checkbox). The following data is also collected during registration:
- Date and time of registration
Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.
Part of our newsletter is the delivery of product information that we believe will be of interest to you, e.g. new developments in the product world, contacting you to inform you about our products and contacts and to inform you about innovations and developments in pressure and flow technology or information on offers, products and systems. The newsletter is sent out regularly, i.e. approximately every 1 to 3 months by e-mail.
Your data will be used exclusively for sending the newsletter.
Measurement of opening and click rates
Based on your consent, we also evaluate your user behavior within the information we send and assign this information to your e-mail address within our newsletter system. Each newsletter sent to you contains pixel-sized files that enable us to evaluate confirmations of receipt and reading as well as information about the links you have clicked on in our newsletter. We also store which areas of our website you have visited. The information collected is used to improve the technical aspects and content of our information. By creating a personal user profile, we would like to tailor our advertising to your interests and optimize our offers on our website for you. We use the eTracker service to evaluate our newsletter. This allows a statistical evaluation of the success or failure of online marketing campaigns to be carried out. We can recognize whether and when an email was opened by a data subject and which links in the email were accessed by the data subject. Such collected personal data is stored and evaluated by us in order to optimize the newsletter dispatch and to adapt the content of future newsletters even better to the interests of the data subject. The measurement of opening rates and click rates as well as the storage of the measurement results in the user profiles and their further processing are carried out on the basis of the user’s consent. Further information on eTracker and its use on our website can be found in this data protection information under point XIII. use of eTracker.
Double opt-in procedure
Registration for our newsletter is always carried out using a double opt-in procedure. After registering on our website, you will receive an e-mail asking you to confirm your registration for our newsletter. This confirmation serves as proof that you have registered for our newsletter with your e-mail address.
Storage of your revocation
We may also store unsubscribed e-mail addresses on the basis of our legitimate interest in order to be able to prove a previously given consent even after unsubscribing from our newsletter.
2. legal basis for data processing
The legal basis for the processing of data when registering for our newsletter and the evaluation of our newsletter (newsletter tracking) is the existence of the user’s consent (with double opt-in) in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR. The legal basis for the implementation of the double opt-in procedure is Art. 6 para. 1 sentence 1 lit. f GDPR for proof and verification of your consent. For storage for verification purposes and defense against liability claims (storage of revocation) Art. 6 para. 1 sentence 1 lit. f GDPR. Your consent and your revocation are stored in order to be able to prove (previously) given consent, even after revocation, and thus to defend against any liability claims. Our legitimate interest lies in these purposes.
The legal basis for the processing of all other personal data processed during the registration process, which is transmitted during registration for our newsletter, is Art. 6 para. 1 sentence 1 lit. f GDPR.
3. purpose of data processing
The purpose of collecting the user’s e-mail address is to deliver the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used. The collection of analysis data from the delivery of the newsletter serves to improve and optimize our services.
The double opt-in procedure is used to prove and verify your consent. The storage of your revocation is carried out in order to be able to prove previously given consent even after revocation and thus to ward off any liability claims.
The other personal data processed during the sending process serve to prevent misuse of the newsletter registration and to ensure the security of our information technology systems. Our legitimate interest also lies in these purposes.
4. duration of storage, right of objection, revocation and removal
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. The user’s e-mail address is therefore stored for as long as the subscription to the newsletter is active.
The other personal data collected during the registration process is generally deleted after a period of 30 days.
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You can send the revocation either by post or by e-mail to the controller.
We may also store unsubscribed e-mail addresses for up to three years on the basis of our legitimate interest in order to be able to prove a previously given consent even after unsubscribing.
The subscription to the newsletter can be canceled by the user concerned at any time. For this purpose, there is a corresponding link in every newsletter. This also makes it possible to withdraw consent to the storage of personal data collected during the registration process.
It is not possible to cancel the newsletter tracking separately; in this case, the entire subscription must be canceled.
X. Data transmission upon conclusion of contract for online store and dispatch of goods
1. description and scope of data processing
As a user of our website, you have the option of ordering goods via our store. The processing of your personal data serves the purpose of general communication and contract processing with you. The following data is processed for the execution of orders:
- Master and contact data such as title, first and last names, private and/or business address, private and/or business telephone number, private and/or business mobile phone number and private and/or business e-mail address
- Payment data, such as information required for the processing of payment transactions
- Identification and user data
- Communication data in connection with correspondence
- Contract and billing data
- Further consents that you provide as part of the order
- Other data whose processing is necessary in the context of processing our contractual relationships or which is provided voluntarily
If you wish, you can also enter an individual delivery address.
In addition, a customer account can be created at the customer’s request. Further information on this can be found in our data protection information under XI. Customer account: Registration and customer area. You can register for our newsletter before sending your order. Further information on this can be found in our data protection information under IX Newsletter: Registration and dispatch. At the end of the order form there is a reference to this data protection information.
We offer various payment options in our store. If you order goods from us, we will pass on your personal data to the transport company entrusted with the delivery and to the payment service provider commissioned to process the payment. Further information on the various payment service providers can be found in this data protection information. Only the data required by the respective service provider to fulfill its task will be disclosed. Further information on this can be found in our data protection information under XIV Use of payment services. No further transmission of data takes place.
2. legal basis and purpose of data processing
The legal basis for the processing of the data is the fulfillment of a contract or the implementation of pre-contractual measures on the basis of Art. 6 para. 1 sentence 1 lit. b GDPR; if the person is the contact person of a (potential) business partner (customer, supplier, partner), the legal basis for (pre-)contractual measures is Art. 6 para. 1 sentence 1 lit. f GDPR. Data processing is carried out to process contracts and payments via the store at www.ddm-sensors.de. This includes general contract processing (planning, implementation and administration of the (contractual) business relationship; processing of product orders) and general communication on products; exercising rights and obligations arising from the right of purchase; settling legal disputes, enforcing existing contracts and asserting, exercising and defending legal claims; providing and setting up a customer account; carrying out financial accounting, e.g. collection of payments, billing, invoicing, payment and payment processing. Collection of payments, invoicing, debt collection, dunning; compliance with legal requirements (e.g. retention obligations under tax and commercial law); preparation of documents and evidence; customer data management and evaluation.
Furthermore, we process your personal data due to legal requirements on the basis of Art. 6 para. 1 sentence 1 lit. c GDPR in conjunction with the respective standard in order to fulfill our legal obligations. Within the contractual relationship, we process your data in particular to comply with commercial and tax obligations under the German Fiscal Code (AO) and the German Commercial Code (HGB).
The legal basis for the processing of all other personal data processed during the sending process, which are transmitted as part of the order, is Art. 6 para. 1 sentence 1 lit. f GDPR. The other personal data processed during the sending process serve to prevent misuse of the order form and to ensure the security of our information technology systems. Our legitimate interest also lies in these purposes.
The processing of your data may also be in our legitimate interest (on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR). The processing is carried out for statistical purposes in order to be able to take operational requirements into account; for technical evaluation and analysis purposes in order to ensure the security of our information technology systems; to optimize our business processes, such as maintaining a customer relationship management database; to maintain and protect the security of our products; to prevent and detect security risks, fraudulent actions or other criminal or damaging actions. For these purposes, our legitimate interest lies in the processing of personal data in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.
3. duration of storage, possibility of objection and removal
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations. For further information on the retention period of individual data after termination of the contractual relationship, please contact the responsible data protection officer.
The additional personal data collected during the sending process will be deleted after a period of 30 days at the latest.
XI. Customer account: Registration and customer area
1. description and scope of data processing
On our website, we offer our customers the opportunity to register and create a customer account by providing personal data. The data is entered into an input mask and transmitted to us and stored. The following data is collected as part of the registration process: User name, e-mail address and password. If you create your customer account as part of an order, the data from your order will be transferred directly to your customer account.
After a successful order, the following data is also stored in the customer account: Data from your orders (see point X. of this data protection information), your order history, your download history, your addresses used, saved payment methods and account details. If you use the customer account, we also collect legitimation and user data from you.
The following data is also stored at the time of registration:
- IP address of the user
- Date and time of registration
As part of the registration process, the user is referred to this data protection information.
Activation of your customer account:
After registering on our website, you will receive an e-mail asking you to confirm the activation of your customer account. This confirmation serves as proof that you have registered with your e-mail address.
2. legal basis for data processing
Registration serves the fulfillment of a contract to which the user is a party or the implementation of pre-contractual measures, so the additional legal basis for the processing of the data is Art. 6 para. 1 sentence 1 lit. b GDPR; if the user is the contact person of a (potential) business partner (customer, supplier, partner), the legal basis for (pre-)contractual measures is Art. 6 para. 1 sentence 1 lit. f GDPR.
The legal basis for sending the activation email is Art. 6 para. 1 sentence 1 lit. f GDPR to prove and verify your registration. The legal basis for the processing of all other personal data processed during the sending process, which is transmitted during registration, is Art. 6 para. 1 sentence 1 lit. f GDPR.
3. purpose of data processing
Registration is voluntary for the user and serves to simplify the fulfillment of a contract. Creating a customer account makes it easier for the user to place orders. The registration of the user therefore serves to fulfill a contract with the user or to carry out pre-contractual measures.
The other personal data processed during the sending process serve to prevent misuse of the registration form and to ensure the security of our information technology systems. Our legitimate interest also lies in these purposes.
4. duration of storage, possibility of objection and removal
The data will be deleted as soon as it is no longer required for the purpose for which it was collected.
This is the case during the registration process for the performance of a contract or for the implementation of pre-contractual measures if the data is no longer required for the performance of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to fulfill contractual or legal obligations. If the data is required to fulfill a contract or to carry out pre-contractual measures, premature deletion of the data is only possible insofar as contractual or legal obligations do not prevent deletion.
The additional personal data collected during the sending process will be deleted after a period of 30 days at the latest.
XII. Use of eTracker
1. description and scope of data processing
We use the analytics service etracker on our website. The provider is etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, www.etracker.com.
Etracker enables us to analyze the usage data of our website and our newsletter. For this purpose, etracker collects, among other things, your shortened IP address, geo-information (maximum city level), log files and other information that your browser transmits to our web server when you visit the site. This allows us to measure page interactions such as length of stay, conversions (e.g. registrations, orders), scroll events, clicks and page views of the page visitor. For session tracking, etracker analytics does not store any data on the user’s end device, but assigns interactions to the respective visits purely on the server side using securely hashed session tokens. Reporting in etracker analytics is based on anonymized and mainly aggregated data.
Further information can be found in etracker’s data protection information: https://www.etracker.com/datenschutzerklaerung/
2. purpose and legal basis for data processing
Without your consent, no cookies will be stored in your browser and no information will be read from the memory of your end device. The cookie-free use of this analysis tool is based on Art. 6 para. 1 sentence 1 lit. f GDPR. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. The rights and fundamental freedoms of the data subjects are safeguarded. The IP address is anonymized as early as possible during the analysis with etracker and visitor recognition is only possible for the duration of the current day. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG.
3. duration of storage, right of objection, revocation and removal
The interactions recorded are assigned to the site visitor for the duration of the current day so that they can be recognized on subsequent visits. After the end of the day, visitor recognition is no longer possible.
If a corresponding consent has been requested, you have the right to revoke your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can revoke the consent you have given via Consent Management.
You can deactivate etracker here:
4. conclusion of a contract for order processing
In connection with the data processing described above, the data is passed on and processed by our service provider: etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg. We have concluded an order processing contract with this company. This is a contract prescribed by data protection law, which ensures that etracker processes the personal data of our website visitors only in accordance with our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.).
XIII. Google Maps
1. description and scope of data processing
This website uses Google Maps for the provision of map services (including route planning etc.). The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ireland Limited is a subsidiary of Google LLC. based in the USA.
Google Maps is a service that enables map services such as route planning, views of satellite images and other actions such as searching for locations, public buildings, places of interest, etc. You can find more information about the functions of Google Maps at: https://support.google.com/maps/
The data transmitted by you for the purpose of using these map services is stored on the servers of Google LLC. in the USA. Google Ireland Limited has concluded a contract with Google LLC in accordance with standard contractual clauses (https://privacy.google.com/businesses/gdprcontrollerterms/ ). For information on data protection, please refer to the Google Maps privacy policy at https://policies.google.com/privacy?hl=de
To use all functions of Google Maps, your IP address is stored and sent to the servers of Google LLC. in the USA. As the provider of the website, we have no influence on this data transmission. Google Maps uses various browser technologies that enable the recognition of the user for the purpose of analyzing user behavior. This information is used, among other things, to compile reports on website activity. Google also transmits your data to Google affiliates and other partners.
Upstream user action
If you have not consented to the processing of your data for the use of Google Maps
within Consent Management, the map that is integrated on our site will not be opened immediately. You can also give your consent directly on the map afterwards by means of an upstream action.
Use of a provider based in a third country
The information collected by Google about the use of this website is generally transferred to a Google server in the USA and stored there. The parent company Google LLC. is certified in accordance with the “EU-US Data Privacy Framework” (DPF). Further information on the DPF can be found in this data protection information under “I. General information on data processing – 4. Data transfer to a third country or an international organization”.
2. legal basis for data processing
The legal basis for the processing of the data is the existence of the user’s consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR – as well as § 25 para. 1 sentence 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG.
3. purpose of data processing
Data processing serves to present our company and to make it easy to find our company.
4. duration of storage, possibility of objection and removal
Your personal information will be stored for as long as necessary to fulfill the purposes described above or as required by law.
You have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can revoke the consent you have given via Consent Management.
Open Consent ManagementXIV. Use of payment services
1. description and scope of data processing
We offer various payment options on our website. When you make a purchase from us, your payment details (e.g. name, payment amount, account details, credit card number) are processed by the payment service provider for the purpose of payment processing. The respective contractual and data protection provisions of the respective providers apply to these transactions. Please note that due to the integration of the payment service providers on our site, external connections to the respective payment service provider and their partners are established during the processing of the payment transaction within the “checkout”. In addition, the payment service providers use cookies and other browser technologies to provide their services, which are accessed via the respective payment service provider as the page host.
We use the following payment service providers on this website:
PayPal:
PayPal is an online payment service that companies can integrate as a payment option on their website. The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg. If you place an order via our website, your user data will be transmitted to PayPal. If you select payment via PayPal, the payment data you enter will be transmitted to PayPal. When using PayPal as a payment option, PayPal processes the following data, for example Payment amount, user device information, technical usage data and user geolocation data. According to PayPal, information such as the user’s name, address, telephone number, email address and bank account number is collected as part of the purchase. If you are already registered with PayPal, your data will be linked to your PayPal account. Further information about PayPal can be at: //www.paypal.com/de/legalhub/privacy-full. Personal data may also be processed in a third country, namely the USA, via PayPal’s parent company. The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.paypal.com/de/legalhub/privacy-full.
Stripe:
We use Stripe as an additional service. Stripe is a financial services provider that offers various payment products (online and in person). The provider for customers within the European Union is Stripe Payments Europe, Ltd, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland. Stripe is integrated in order to offer credit card payments. The payment data you enter is transmitted to Stripe. Personal data may also be processed in a third country, namely the USA, via the parent company (Stripe, Inc.). The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://stripe.com/de/privacy and https://stripe.com/de/guides/general-data-protection-regulation. The parent company Stripe, Inc. is certified in accordance with the “EU-US Data Privacy Framework” (DPF).
2. purpose and legal basis for data processing
The use of payment service providers on our website and in our store is based on Art. 6 para. 1 sentence 1 lit. b GDPR (contract processing) and in the interest of a smooth, simplified, convenient and secure payment process for our customers (Art. 6 para. 1 sentence 1 lit. f GDPR). If the contact person is the contact person of a (potential) business partner (customer, supplier, partner), the legal basis for (pre-)contractual measures is Art. 6 para. 1 sentence 1 lit. f GDPR.
If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR, if applicable Art. 49 para. 1 sentence 1 lit. a GDPR and § 25 para. 1 sentence 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG.
3. duration of storage, right of objection, revocation and removal
The data collected by us in this context will be deleted as soon as it is no longer required for the purpose for which it was collected. This is the case for the fulfillment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the implementation of the contract. Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or legal obligations. If consent has been requested, you have the right to withdraw your declaration of consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. You can revoke the consent you have given at any time by e-mail or post. If you have any questions about the storage period of the respective providers, you must contact them directly.
XV. Making appointments via Microsoft Bookings
1. description and scope of data processing
On our website you have the opportunity to make appointments with us. To do this, you will be redirected to our Microsoft Bookings appointment booking form on a separate domain. Microsoft 365 is a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (Microsoft). The headquarters of Microsoft’s parent company (Microsoft Corporation) is located in a third country from a data protection perspective.
On our website you have the opportunity to make appointments with us. To do this, you will be redirected to our Microsoft Bookings appointment booking form on a separate domain. Microsoft 365 is a service provided by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland (Microsoft). The headquarters of Microsoft’s parent company (Microsoft Corporation) is located in a third country from a data protection perspective.
Use of a provider based in a third country
Processing of personal data on servers to which the parent company also has access cannot be ruled out with certainty, e.g. in the case of support. The provider is certified in accordance with the “EU-US Data Privacy Framework” (DPF). Further information on the DPF can be found in this data protection information under “I. General information on data processing – 4. Data transfer to a third country or an international organization”.
2. legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. The website operator has a legitimate interest in enabling interested parties and customers to make appointments as easily as possible. If the appointment booking is aimed at the conclusion of a contract or takes place within the framework of an existing business relationship (fulfillment of a contract or implementation of pre-contractual measures), the additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b GDPR; if the user is the contact person of a (potential) business partner (customer, supplier, partner) or the contact person of a legal entity, the legal basis for (pre-)contractual measures is Art. 6 para. 1 sentence 1 lit. f GDPR.
3. purpose of data processing
The processing is carried out for the purpose of planning and managing appointment bookings for our interested parties and customers. Our legitimate interest also lies in these purposes.
4. duration of storage, possibility of objection and removal
The data you enter will remain with us until you ask us to delete it or the purpose for storing the data no longer applies. Mandatory statutory provisions – in particular retention periods – remain unaffected.
5. conclusion of a contract for order processing
In connection with the data processing described above, the data is passed on and processed by our service provider Microsoft. We have concluded an order processing contract with Microsoft. This is a contract prescribed by data protection law, which ensures that Microsoft processes the personal data of our website visitors only in accordance with our instructions and in compliance with data protection regulations (GDPR, BDSG, etc.).