We use cookies, similar technologies and tracking services

This website uses cookies, similar technologies and tracking services (hereinafter referred to as “Cookies”). These Cookies help to display our website, improve it based on your user behavior (e.g., via Salesforce Pardot) and present content aligned with your interests (e.g., LinkedIn Insights, Google Ads). We require your consent to use Cookies. Additionally, we incorporate content from third-party providers (e.g., Microsoft Azure for single sign-on authentication), which could involve transferring your data to the United States, a non-secure third country. By clicking Accept All, you consent to the use of non-essential Cookies and to your data being transferred to third countries. Clicking Refuse enables you to reject the use of non-essential Cookies. Please select which Cookies we may use under Details. More information, particularly about your rights as a data subject, is available under Details or in our Privacy Policy .

Details

Refuse

Accept

Below, you can activate/deactivate the individual technologies that are used on this website.

Accept All

Essential

These Cookies make a website usable by providing basic functions such as page navigation, language settings, Cookie preferences and access to protected areas of the website. Cookies in this category additionally ensure that the website complies with the applicable legal requirements and security standards. Owing to the essential nature of these Cookies, you cannot prevent their use on our website. Details about these Cookies are available under More Information.

Functionality and personalization

These Cookies collect information about your habits when using our web pages and help us to enhance your user experience by tailoring the functions and attractiveness of our web pages based on your previous visits, location and browser settings. They also enable access to integrated third-party tools on our website (e.g., Microsoft Azure for single sign-on authentication). This can involve transferring your data to the United States, a non-secure third country. If you refuse these Cookies, you might not be able to access the full functionality of the website. Details about the tools we use are available under More Information.

Analysis

These Cookies are used to compile basic usage and user statistics based on how our web pages are used. If you accept these Cookies, you simultaneously consent to your data being processed and transmitted to the United States by services such as Salesforce Pardot. Details about the tools we use are available under More Information.

Marketing and social media

These Cookies help third-party sources collect information about how you share content from our website on social media or provide analytical data about your user behavior when you move between social media platforms or between our social media campaigns and our web pages (e.g., LinkedIn Insights). Marketing Cookies from third-party sources also help us measure the effectiveness of our advertising on other websites (e.g., Google Ads). We use these Cookies to optimize how we deliver our content to you. The third-party sources and social media platforms we use can transfer your data to the United States, a non-secure third country. If you accept these Cookies, you simultaneously consent to your data being transferred and processed as described above. Details about the tools we use and our social media presence are available under More Information.

More information

Save Settings

  • Duerr campus in Bietigheim-Bissingen

Privacy policy

The task of safeguarding your privacy is extremely important to us. Therefore, we follow the statutory regulations of European and German data protection law in relation to all data protection activities (e.g. collecting, processing, and transferring data).

This policy applies to the processing of personal data in connection with your visit to our websites and to other data processing in companies belonging to the Dürr Group. You can find a list of the companies in the Dürr Group in the annex.

Note on the use of this privacy policy:

The general information in section 1 applies to all our processing of personal data. Depending on the circumstances of the data processing, please also read the detailed information in sections 2-6, which take precedence over the more general information in section 1 if there is a conflict between them:

1. General information

2. Detailed information about visiting our websites

3. Privacy information relating to our social media presence

4.Privacy information relating to other data processing by companies in the Dürr Group not in connection with the websites

5. Privacy information relating to the event website

6. Privacy information relating to job applications

1. General information

Personal data are all types of information that refer to an identified or identifiable natural person (“data subject”), such as your name, address, telephone number, date of birth, and IP address.

We collect and use personal data only to the extent necessary to provide a functioning website and our content, products, and services. We collect and use our users’, customers’, and business partners’ personal data only with the consent of the data subjects or if the processing of the data is permitted by statutory regulations.

1.1 For what purpose are my data processed?

We use the personal data you supply to answer your inquiries, provide services, process your orders, and develop and manage our business relationship with you, your company, or your employer. You can find details in sections 2-6.

1.2 How and for what purpose are my data disclosed to third parties?

We only disclose or otherwise transfer your personal data to third parties if this is necessary for the purposes of establishing a contractual relationship, entering into or implementing a contract, invoicing, collecting charges (for example, shipping companies or payment service providers), asserting our claims or in the course of the (partial) sale of our company.

In addition, we are authorized by order of the competent public authority in each specific case to provide information about data to the extent that this is necessary for the purposes of criminal prosecution, for the prevention of danger by the police authorities of the federal states, in performance of the statutory tasks imposed by the federal and state constitutional protection authorities, the Federal Intelligence Service (Bundesnachrichtendienst), or the Military Counterintelligence Service (Militärischer Abschirmdienst), or for the enforcement of intellectual property rights.

In these cases, the legal basis is Art. 6(1)(f) GDPR, where our legitimate interest is identical with the purposes described or where you are our contractual partner and are not entering into the contract on behalf of a company, Art. 6(1)(b) GDPR.

We can also disclose or transfer your data to third parties if you have given your explicit consent to this. The legal basis in this case is Art. 6(1)(a) GDPR.

The recipients of the data are also service providers that we use for the purposes of our business (in particular, IT service providers, web hosting companies, marketing firms, advertising agencies, legal advisers).

1.3 The rights of data subjects

If your personal data are processed, you are a data subject as defined by the GDPR and you have the following rights in relation to the data controller:

a) Access, rectification, restriction of processing, and erasure

You have the right, at any time and free of charge, to access your personal data stored by us and to obtain information about the source and recipients of the data and the purpose of the data processing via our websites. Furthermore, you have the right to the rectification, erasure, and restriction of processing of your personal data, provided that the statutory requirements for this are met.

b) Right to data portability

You have the right to receive your personal data, which you have provided to us as the data controller, in a structured, commonly used, and machine-readable format. We can fulfill this right by providing an export of your personal data that we have processed.

c) Right to information

If you have exercised your right to have the data controller rectify, erase, or restrict data processing, the controller is obliged to inform all the recipients of your personal data of the rectification, erasure, or restriction of processing unless this proves impossible or involves a disproportionate effort.

You have the right to be informed by the controller about these recipients.

d) Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of the personal data concerning you, that may be processed in accordance with Art. 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

If you object, the controller will no longer process your personal data unless the controller has compelling, legitimate reasons for processing that override your interests, rights, and freedoms, or unless the processing serves to assert, exercise, or defend legal claims.

If the personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of the personal data concerning you for the purpose of this marketing; this also applies to profiling, to the extent that it is associated with this direct marketing.

If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

You have the option to exercise your right of objection in connection with the use of information society services by means of automated procedures using technical specifications, notwithstanding the provisions of Directive 2002/58/EC.

e) Withdrawal of declarations of consent under data protection law

In addition, you may withdraw your consent at any time, with future effect, by contacting us using the contact details given below. For information about withdrawing your consent in connection with our use of cookies and similar technologies, please see section 2.3 e).

f) Automated decision-making in individual cases, including profiling

In accordance with Art. 22 GDPR, you have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) is necessary for entering into or performance of a contract between you and the data controller

((2) is authorized by European Union or Member State law that the controller is subject to and that also lays down suitable measures to safeguard your rights, freedoms, and legitimate interests or

(3) is based on your explicit consent

However, these decisions must not be based on special categories of personal data according to Art. 9(1) GDPR unless Art. 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to safeguard your rights, freedoms, and legitimate interests.

In the cases referred to in (1) and (3), the controller must take reasonable measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your own point of view, and to contest the decision.

g) Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, in particular in the Member State where you are resident or working or where the alleged infringement occurred, if you believe that the processing of personal data concerning you infringes the GDPR.

The supervisory authority where the complaint has been lodged will inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Art. 78 GDPR.

1.4 What security measures have we taken to protect your data?

We have adopted a large number of security measures to provide adequate and appropriate protection for personal data.

Our databases are protected by physical and technical measures as well as procedural measures that restrict access to information to specifically authorized people in accordance with this privacy policy.
Our information system is protected by a software firewall in order to prevent access from other networks connected to the Internet. Only employees who need the information to perform a certain task receive access to personal information. Our employees are trained in security and data protection practices.

When collecting and transferring data via our websites, we use standardized SSL encryption technology. In the order process, personal data are protected by SSL encryption, identifiable by the padlock icon and the prefix “https://” in the address bar.

If a password is necessary for access to our websites, you should never disclose it to third parties and you should change it regularly. In addition, when accessing our websites you should not use the same password that you also use on other websites with password-protected access (email account, online banking, etc.). When you have left our pages, you should log out and close your browser to prevent unauthorized users from accessing your user account.

If you communicate with us by email, we cannot guarantee full data security.

1.5 Transfer to third countries

If the recipients of your data and their service providers are based outside the European Economic Area (EEA) or process your data outside the EEA, we will ensure that your personal data are adequately protected (e.g. by means of an adequacy decision).

The data protection regulations that apply in countries outside the EEA may be different from those in the country where you are resident. Under certain circumstances, the national law may provide less protection than that of the country where you are resident (e.g. because national regulations allow investigative bodies more far-reaching rights of access to personal data).

WPlease note that the USA is a third country that does not provide adequate data protection. This means that the level of data protection in the USA is not comparable with that of the EU. If data are transferred to the USA, there is the risk that the US authorities will access the data via monitoring programs based on Section 702 of the Foreign Intelligence Surveillance Act, Executive Order 12333 or Presidential Police Directive 28, without EU citizens having effective legal protection against accesses of this kind.

If your personal data are transferred to third countries that do not provide adequate data protection, we will take measures to ensure that your personal data have appropriate protection in these countries (e.g. among other things by using the standard contractual clauses of the EU Commission, if necessary with additional protective measures). We can provide information about the protection mechanism via the contact details given in the first subsection of sections 2 ff.

1.6 Amendments to this privacy policy

The date of this privacy policy is given directly under the heading. We reserve the right to amend this privacy policy as required and without prior notification. You should therefore visit this page on a regular basis to find out about any amendments to this privacy policy.

2. Detailed information about visiting our websites

Below you can find out what we do with your data when you visit our websites. This section 2 applies in addition to the general information in section 1. If you cannot find the necessary information in this section 2, please refer to section 1 (e.g. concerning the rights of the data subject). If there is a conflict between section 2 and section 1, the information in section 2 takes precedence over section 1.

Please note that there is a separate privacy policy for our event website, which you can find in section 5.

2.1 Who is the data controller with responsibility for processing data?

The data controller for our websites is:

Dürr Aktiengesellschaft
Carl-Benz-Str. 34
74321 Bietigheim-Bissingen
Germany
Telephone +49 71 42 78 0
Fax +49 71 42 78 17 16
corpcom(at)durr.com

You can contact our data protection officer at: dataprotection(at)durr.com.

You can also contact our data protection officer under the following address:

Dürr Aktiengesellschaft
Attn. Data Protection Officer
Carl-Benz-Str. 34
74321 Bietigheim-Bissingen
Germany

2.2 What data are collected and stored during the use of our websites?

a) Accessing the website

When you use our websites, the following data are collected by our web hosting company. The data are stored exclusively for internal system-related and statistical purposes and are referred to as usage data:

  • Information on the type and version of the browser used
  • The IP address of the user
  • Date and time of access
  • Websites accessed by the user’s system via our website

The data are also stored in log files on our systems. These data are not stored with other personal data belonging to the user.

Myra Security

In order to ensure the security of visitors to our websites, all traffic flows are assessed and filtered by our service provider Myra Security GmbH, Landsberger Str. 187, 80687 Munich, Germany (“Myra Security”) before our websites are accessed. Myra Security provides a secure, certified Security-as-a-Service platform for the protection of digital business processes. This enables us to guarantee the availability of our websites and to protect our infrastructure against attacks from criminals, botnets, and other malware. Myra Security analyzes every visit, and this protects the data against unauthorized access. This filtering process does not restrict the use of our websites by our users.

The legal basis for the temporary storage of data and log files and the use of Myra Security is Art. 6(1)(f) GDPR.

The temporary storage of the IP address by the system is necessary to allow the website to be made available on the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session. Protecting our websites against harmful attacks and therefore also protecting your data is our legitimate interest in using Myra Security.

Data are also stored in log files to ensure that the website functions correctly. In addition, the data allow us to optimize the website and to ensure the security of our information technology systems. The data are not evaluated for marketing purposes in this context.

These purposes also reflect our legitimate interest in data processing in accordance with Art. 6(1)(f) GDPR.

The data are erased as soon as they are no longer needed for the purpose they were collected for. If data are collected to make the website available, they are erased after 14 days.

The collection of data to make the website available and the storage of the relevant data in log files is essential for the operation of the website. Therefore, users have no possibility of objecting to this.

b) Login

On our websites, we offer you the option of logging in with a user name and password to access certain content (e.g. download center, B2B workshop). You can register for these services either after making personal contact with our employees or after registering on our websites using the registration form (download center) with access subsequently being granted by one of our employees. The registration form is used to collect the following personal data:

  • First name and last name
  • Company name
  • Position in the company
  • Email address

In these cases, the legal basis for the processing of the data is Art. 6(1)(f) GDPR. Our legitimate interest in processing the data is entering into and implementing the contract with you or your company and making available confidential internal information via our information portals.

Single sign-on: Microsoft Azure Active Directory

We use Azure Active Directory cloud services provided by Microsoft Ireland Operations Limited, 70 Sir Rogerson’s Quay, Dublin 2, Ireland (“Microsoft”) to manage contacts and provide a simple solution for registration (single sign-on). In this context, Microsoft stores a cookie on your device to ensure that you will be recognized. For details of cookies, please refer to section 2.3. You can find information about Microsoft’s data processing activities in Microsoft’s privacy policy at https://privacy.microsoft.com/en-US. Microsoft is a subsidiary of Microsoft Corporation in the USA. It is therefore possible that your data may be transferred to a data center in the USA. The transfer is protected by the standard contractual clauses of the EU Commission (for more information on third-country transfers, please refer to section 1.5). We base our use of services such as Azure Active Directory and the relating processing of data by the service provider for its own limited purposes on Art. 6(1)(f) GDPR and our legitimate interest in providing you with a simple means of logging in to our website.

The data are erased as soon as they are no longer needed for the purpose they were collected for:

  • This is the case for the data collected during the registration process if the registration on our website is canceled or modified.
  • This will be the case during the registration procedure for the performance of a contract or to take steps prior to entering into a contract if the data are no longer needed for the performance of the contract. After the contract has been concluded, it may be necessary to store the contractual partner’s personal data in order to comply with contractual or statutory obligations.

Right to object

In section 1.3 we explain your right to object to the processing of your data on the basis of Art. 6(1)(f) GDPR. As a user, you can cancel your registration at any time. You can have your stored data modified at any time. Simply email us at info(at)durr.com.

If the data are necessary for the performance of a contract or for steps prior to entering into a contract, premature erasure of the data is only possible if this is not prevented by contractual or statutory obligations.

c) Contact options

For certain functions of our websites (e.g. HR inquiries/service inquiries/press contacts), you have the option of contacting us via the email addresses provided and via a contact form. In this case, the personal data of the user submitted via the contact form or in the email will be stored.

We use Salesforce Pardot to provide the forms that you can use to contact us. Salesforce Pardot is a software program developed by salesforce.com Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (“Salesforce”) for automated lead management, marketing automation, and sales support in the B2B environment. Salesforce stores personal data in the USA. Salesforce has issued binding corporate rules for this purpose (available at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf), which ensure that the data are transferred securely.

In this context, Salesforce stores a cookie. For details of cookies, please refer to section 2.3.

We use your data solely to process your request and can contact you for this purpose using the contact data provided. This is also our legitimate interest in processing the data. The data will be used for advertising purposes or forwarded to third parties only if you have explicitly consented to this.

The legal basis for processing data that are transferred in the course of making contact with us is Art. 6(1)(f) GDPR. If the aim of making contact is to enter into a contract, then the legal basis for processing is Art. 6(1)(b) GDPR.

The data are erased as soon as they are no longer needed for the purpose they were collected for. The personal data that you have sent to us for the purpose of making contact will be erased once the relevant conversation with you has come to an end. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively resolved. However, backup data are stored by Salesforce for another 90 days.

Right to object

In section 1.3 we explain your right to object to the processing of your data on the basis of Art. 6(1)(f) GDPR.

d) Orders

As a registered and logged-in user, you can place orders on our website, e.g. by making a purchase.

For this purpose and to fulfill the purchase contract, we collect user, shipping, and payment details (e.g. credit card details, account number, bank code) and record other information about the order process (e.g. which items you add to your shopping basket, information about order picking and the order status). These data are required for the conclusion of the contract.

In each case, the data are processed on the basis of Art. 6(1)(f) GDPR and our legitimate interest in enabling you to make the purchase. If you enter into the contract yourself, the data are processed on the basis of Art. 6(1)(b) GDPR and the forthcoming purchase contract.

These data may also be disclosed to third parties (e.g. shipping service providers, carriers, banks) where this is necessary for the performance of the contract. We store the data in accordance with the statutory storage periods for up to ten years. Data that are not subject to a statutory retention obligation are erased as soon as the purpose they were collected for no longer applies. This is the case if you delete a customer account that you have created with us.

Right to object

In section 1.3 we explain your right to object to the processing of your data on the basis of Art. 6(1)(f) GDPR.

2.3 Cookies

We use cookies on our websites. Cookies are small amounts of data in the form of text information that the web server sends to your browser. These cookies are only stored on your hard disk. Cookies can be read only by the server that previously placed them on your device. Cookies do not store any personal information, such as your name. The data stored in the cookies are not linked to your personal data (name, address, etc.).

a) Transient and persistent cookies

Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. They store a session ID, which is used to assign different requests from your browser to the joint session. This enables our website to recognize your computer next time you visit. The session cookies are deleted when you log out or close the browser.

We use transient cookies to make our website more user-friendly. Some elements of our website require the calling browser to be identified even after a page change. The following data, for example, are stored and transferred in the cookies:

  • Browser settings regarding cookies (whether they are activated or not)
  • Language settings of the user
  • Login information

We also use persistent cookies on our website that enable us to analyze users’ browsing behavior. Persistent cookies are automatically deleted after a specified period, which can vary depending on the cookie. This allows us to record and analyze the click behavior of users on our websites (the data recorded include, for example, browser data, click frequency, click-through rate, etc.).

The data collected via persistent cookies are pseudonymized using technical measures, which means that it is no longer possible to associate the data with the user. The relevant data are not stored together with other personal data belonging to the users.

b) Tracking/web bugs

Some of our services also use tracking/web bugs or tracking pixels. These are usually code snippets measuring only 1x1 pixel, which are able to identify and recognize your browser ID – the individual fingerprint of your browser. This allows the service provider to see when and how many users have accessed the pixel, or whether and when an email was opened or a website visited.

To block web bugs on our websites, you can use tools such as webwasher, bugnosys, or AdBlock. To block web bugs in our newsletter, please change the settings of your email program so that no HTML is displayed in messages. You can also block web bugs by reading your emails offline. Unless you give your explicit consent, we will not use web bugs to collect personal information about you or to transfer this information to third parties and marketing platforms without your knowledge.

c) Local storage

To adapt our services to your needs and make you tailored offers, we use local storage technology in addition to cookies. This technology involves storing certain data in the local cache of your browser. These data are retained after you have closed the browser and can be accessed and read by us again on your next visit to our websites.

Local storage enables us to store your preferences for the use of our websites. The data from the local storage are used on our websites so that, for example, you do not have to make certain selections again after your initial input (Jobcenter/FAQ), so that your choice of certain formats on our websites is retained the next time you visit, or that you are shown an initial selection of interesting articles when you visit the websites.

d) Legal basis for the use of cookies, web bugs, tracking pixels, etc.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6(1)(f) GDPR in conjunction with section 25(2)(2) of the German Telecommunications and Telemedia Data Protection Act (TTDSG).

The purpose of using necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary for the browser to be recognized even after a page change.

You have no right of objection to necessary cookies, as they are essential for us to be able to show you our website and its contents, and to make the functionality of the website available to you.

The user data collected by necessary cookies are not used to create user profiles.

Technologies for increasing the functionality and for analytical and marketing purposes are used to improve the quality of our website and its content. The analysis cookies enable us to learn how the website is used and to continuously optimize our offering. Processing, in particular on your device, that is based on cookies or other identifiers (e.g. browser fingerprints, pixels, local storage) (referred to as “cookies”) and is not technically required for the function of our websites, will be carried out by us only with your consent, which you can grant via our cookie banner when visiting our websites for the first time. The legal basis for this cookie-based processing is Art. 6(1)(a) GDPR in conjunction with section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG). Cookies that are not required for the functioning of our websites will not be stored until you have given your consent.

e) Withdrawal of consent given for the use of cookies, web bugs, tracking pixels, etc.

You can withdraw your consent for the collection of data by cookies at any time. You must follow these steps to do so:

  • Open the settings for cookies on our websites via the “Cookies” footer
  • In the next window that opens, you have the option to withdraw your consent to data processing for individual categories of cookies and similar technologies (e.g. data storage in the local storage)

You can also delete cookies at any time or adjust your browser’s corresponding cookie settings. For more information about how you can delete and/or manage cookies using your browser’s settings, please see your browser’s help pages. Data can also be removed from local storage by emptying your browser's local storage.

f) List of the cookies used

Below is a list of the individual cookies used on our websites. We make every effort to keep this table up to date. However, please note that third-party cookies can be changed without our knowledge and that there may therefore be individual differences from the table below. The key information is the details of the various services that you can find in sections 2.2 and 2.4 ff., including the references there.

Name of cookie Type of cookie Name of application Purpose of cookie Storage duration
Consent-analysis Technically required Cookie banner This cookie is used by the cookie banner to store the selection for analysis cookies. The banner will subsequently no longer appear on each page. 6 months
Consent-functional Technically required Cookie banner This cookie is used by the cookie banner to store the selection for functional cookies. The banner will subsequently no longer appear on each page. 6 months
Consent-marketing Technically required Cookie banner This cookie is used by the cookie banner to store the selection for marketing cookies. The banner will subsequently no longer appear on each page.  6 months
Consent-youtube, Consent-maps-google, Consent-maps-baidu, Consent-maps-yandex, Consent-socialstream Technically required YouTube, map services, social feeds Part of the two-click solution for the GDPR-compliant use of plugins; used for the recording and recognition of those users who have given their consent to the transfer of data via the plugin concerned. 6 months
fe_typo_user Technically required Login Enables logins from the front end, e.g. in the download center. Until the end of the session
_ga Analysis Google Analytics A third-party provider’s cookie that is used when community users are tracked with a Google Analytics tracking ID. Used to distinguish anonymously between individual clients (a client is a browser on a specific device). 2 years
_gid Analysis Google Analytics (analytics.js) Used to distinguish anonymously between individual clients (a client is a browser on a specific device). 24 hours
_gat or _gat_UA* Analysis Google Analytics (analytics.js) Reduces the number of requests per minute and allows them to be allocated to the site operator’s Google Analytics account. 1 minute
_dc_gtm_UA* Analysis Google Tag Manager (analytics.js) Reduces the number of requests per minute and allows them to be allocated to the site operator’s Google Analytics account. 1 minute
_gat_gtag_UA* Analysis Google Analytics (analytics.js) Reduces the number of requests per minute and allows them to be allocated to the site operator’s Google Analytics account. 1 minute
gtm_internal Analysis Google Tag Manager Used to distinguish anonymously between individual internal and external clients (a client is a browser on a specific device). 30 days
LSKey-c$CookieConsentPolicy Required Pardot Webshop Used to apply the end user’s cookie settings determined by our client service program. Salesforce Lightning uses LSKey[<namespace>] as a prefix. 1 year
Oid Required Pardot Webshop Used to direct a user to the correct Salesforce organization and to help the user with the next login. 2 years
clientSrc Required Pardot Webshop Used for security purposes. Until the end of the session
Sid Required Pardot Webshop Used to validate the user’s session. Until the end of the session
Inst Required Pardot Webshop Used to direct requests to an instance when bookmarks and hard-coded URLs send requests to another instance. This type of forwarding can take place after an organizational migration, a division, or a URL update. Until the end of the session
pctrk Required Pardot Webshop Used to distinguish guest users from one another. No user information is stored. 1 year
force-proxy-stream Required Pardot Webshop Ensures that client requests reach the same proxy hosts and that content from the cache is very likely to be accessed. 1 hour
BrowserId_sec Required Pardot Webshop Used for security purposes. Makes it possible to track several login attempts from the same browser in order to identify threads and malicious players (HTTPS). 1 year
CookieConsentPolicy Required Pardot Webshop Used to implement the end user’s cookie settings determined by our client service program. 1 year
force-stream Required Pardot Webshop Used to direct server requests for sticky sessions. 1 year
sid_Client Required Pardot Webshop Used to validate orgid and userid on the client side. Until the end of the session
RRetURL Required Pardot Webshop Used for “Login as” to return to the original page. Until the end of the session
BrowserId Required Pardot Webshop Used for security purposes. Makes it possible to track several login attempts from the same browser in order to identify threads and malicious players (HTTPS). 1 year
sfdc-stream Required Pardot Webshop Used to transfer server requests correctly within the Salesforce infrastructure for sticky sessions. 1 hour
RSID Required Pardot Webshop Used to allow an admin user to log in as one of their organization’s users. Until the end of the session
renderCtx Required Pardot Webshop Used to store site parameters in the session for reuse via requests from an individual client for functional and performance reasons. Until the end of the session
visitor_id<accountid> Analysis Pardot Salesforce The visitor cookie contains a unique visitor ID and a unique identifier for your account. For example, the cookie named visitor_id12345 stores the visitor ID 1010101010. The account identifier 12345 ensures that the visitor is tracked via the correct Pardot account. The visitor value is the visitor_id in your Pardot account. This cookie is stored for visitors by the Pardot tracking code. 180 days
pi_opt_in<accountid> Required Pardot Salesforce If the opt-in settings for tracking are activated, the pi_opt_in cookie is stored with an “or” value if the visitor decides for or against tracking. When a visitor logs in, the value is set to “true” and the visitor is given a cookie and is tracked. When the visitor logs out or ignores the opt-in banner, the value of the opt-in cookie is set to “false.” The visitor cookie is deactivated, and the visitor is not tracked. 180 days
visitor_id<accountid>-hash Analysis Pardot Salesforce The visitor hash cookie contains an account ID and stores a unique hash. For example, the cookie named visitor_id12345-Hash stores the hash "855c3697d9979e78ac404c4ba2c66533” and the account ID is 12345. This cookie is a security measure to prevent malicious users from pretending to be visitors to Pardot and from accessing information about potential customers. 180 days
lpv<accountid> Analysis Pardot Salesforce This LPV cookie is stored to prevent Pardot from tracking several page calls for a single asset during a 30-minute session. For example, if a visitor reloads a destination page several times during a period of 30 minutes, this cookie prevents every reload of the page from being tracked as a page call. Until the end of the session
Pardot Required Pardot Salesforce A session cookie with the name pardot is stored in your browser while you are logged into Pardot as a user or when a visitor accesses a form, a destination page, or a page with a Pardot tracking code. The cookie identifies an active session and is not used for tracking. Until the end of the session
li_fat_id Marketing LinkedIn This cookie is an indirect identifier for members that is used for conversion tracking, retargeting, and analyses. 30 days
lidc Marketing LinkedIn This cookie facilitates data center selection. 24 hours
bcookie Marketing LinkedIn Browser identifier 2 years
UserMatchHistory Marketing LinkedIn This cookie synchronizes the IDs of LinkedIn ads. 30 days
li_giant Marketing LinkedIn Indirect identifier for groups of LinkedIn members that is used for conversion tracking. 7 days
BizographicsOptOut Marketing LinkedIn This cookie is used to determine the opt-out status for third-party tracking. 10 years
x-ms-cpim-admin Functionality Azure AD Contains cross-client data on the user’s membership: Clients that a user belongs to and the level of membership (“admin” or “user”). End of the browser session
x-ms-cpim-slice Functionality Azure AD For transferring requests to the corresponding production instance. End of the browser session
x-ms-cpim-trans Functionality Azure AD For tracking transactions (number of authentication requests to Azure AD B2C) and the current transaction. End of the browser session
x-ms-cpim-sso:{Id} Functionality Azure AD For managing the session with single sign-on (SSO). This cookie is set to persistent if persistent is activated. End of the browser session
x-ms-cpim-cache:{id}_n Functionality Azure AD For managing the request status. End of the browser session, successful authentication
x-ms-cpim-csrf Functionality Azure AD Token for cross-site request forgery (CSRF) to protect against CSRF attacks. End of the browser session
x-ms-cpim-dc Functionality Azure AD For Azure AD B2C network routing. End of the browser session
x-ms-cpim-ctx Functionality Azure AD Context End of the browser session
x-ms-cpim-rp Functionality Azure AD For storing membership data for the resource provider client. End of the browser session
x-ms-cpim-rc Functionality Azure AD For storing the relay cookie. End of the browser session
IDE Marketing GoogleAds Contains a randomly generated user ID. Using this ID, Google can recognize the user on different websites across different domains and display personalized ads. 1 year
test_cookie Marketing GoogleAds Contains a randomly generated user ID. Using this ID, Google can recognize the user on different websites across different domains and display personalized ads. 15 minutes
ComponentDefStorage__MUTEX_X, GlobalValueProviders__MUTEX_X, GlobalValueProviders__MUTEX_Y Marketing shop.homag.com Used to track users on several websites to display relevant advertising based on the user’s preferences. Persistent

g) Google Tag Manager

We use Tag Manager for website tracking, delivering advertising, and displaying elements of the website of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ireland Ltd. is a subsidiary of Google LLC with headquarters in the USA. Any Google service may transfer your data that has been collected by Google (e.g. your IP address) to the USA (for more information on third-country transfers, please refer to section 1.5). The transfer takes place on the basis of the standard contractual clauses of the EU Commission.

Google Tag Manager makes it easier for us to integrate and manage our cookies and Google tools, such as Google Analytics. Google Tag Manager is also an assistant that processes even personal data only for technically necessary purposes. However, the other components uploaded by Google Tag Manager will, if necessary, process other data for other purposes that Google can combine with other data. You can find further information about Google Tag Manager in the Google privacy policy at https://policies.google.com/privacy?hl=en-US. You can find further information about Google Tag Manager at: https://www.google.com/intl/de/tagmanager/use-policy.html.

The legal basis for the related processing of data is your consent, Art. 6(1)(a) GDPR. Without your consent, we will use Google Tag Manager only for the correct display of elements of our websites (but not for tracking and advertising).

Withdrawal of consent

You can withdraw your consent to the processing of your data by the services and networks integrated via the plugins at any time with future effect if you follow the instructions in section 2.3 e).

You can also prevent the data relating to your use of the website (including your IP address) from being collected and transferred to Google and prevent Google from processing these data by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=en.

2.4 Plugins for social media and map services

We have a presence on social media. For more information, please refer to section 3 of our privacy policy.

Here you will find information about how we integrate features and tools from social media channels and map services into our websites:

All the buttons for social networks and map services are integrated into our websites via placeholders. The buttons are only loaded when you click on the “Agreed” button in the respective placeholder. Only then will a connection be made to the servers of the relevant third-party provider and the information about your visit to our websites transferred. Before this, a text field will appear containing further information about the details of the possible transfer of data to third-party providers, with reference being made to this part of our privacy policy.

Your usage data will be transferred only when you are logged into your account on the social network or service concerned (e.g. Google account – Google Maps). By clicking on the placeholder of the button, you consent to the processing of the data as described in this section of our privacy policy.

In this case, the legal basis for the processing of your data is the consent you have given by clicking on the button, in accordance with Art. 6(1)(a) GDPR. Your consent to the transmission of data is documented in a cookie stored on your device.

Withdrawal of consent

You can withdraw your consent to the processing of your data by the services and networks integrated via the plugins at any time with future effect if you follow the instructions in section 2.3 e).

We use plugins from the following providers:

a) Twitter

We have integrated plugins from the social network Twitter into our website. Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, has exclusive responsibility for Twitter and its websites. Twitter is a company headquartered in the USA. It is therefore likely that your data that is collected by Twitter will be transferred to the USA. For information on third-country transfers, please refer to section 1.5.

Details of the Twitter plugin:

If you have activated the plugin, tweets will be loaded and a connection will be made to the Twitter servers. If are logged into your Twitter user account, certain information and user data will be passed on to Twitter, including the fact that you have visited our website. This information will be transferred to Twitter, where it will be stored and, in certain circumstances, will also be forwarded to third parties, in particular advertising partners of Twitter. However, this will only happen if you are logged into your Twitter user account. To prevent data from being transferred to Twitter, you must log out of your Twitter user account before you click on Twitter links in our websites. Please note that the functions assigned to the Twitter links, in particular the transfer of information and user data to Twitter, are not activated by visiting our websites but only by clicking on the plugin.

You can obtain further information about the purpose and extent of data collection and the further processing and use of your data by Twitter and the data storage period from Twitter’s privacy policy. This can be found on the Internet at https://twitter.com/en/privacy. Here you will also find, for example, information about optional settings to protect your privacy and about your additional rights relating to the collection, processing, and use of your data by Twitter, and about how to withdraw your consent.

b) YouTube (Google)

We have integrated videos and a social stream on our websites from the provider YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA (“YouTube”). YouTube is represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Ireland Ltd. is a subsidiary of Google LLC with headquarters in the USA. Any Google service may transfer your data that has been collected by Google to the USA (for more information on third-country transfers, please refer to section 1.5). The transfer takes place on the basis of the standard contractual clauses of the EU Commission.

Details of the YouTube plugin:

The YouTube videos on our video channel are only loaded when you click on the corresponding plugin, at which point a connection will be established with Google’s servers.

To embed videos we use the enhanced privacy mode, which imposes further restrictions on the processing of data by Google. In this case, according to Google, no information about the users of our website will be stored until these users watch the embedded video. However, it is still possible that data will be forwarded to Google partners.

Once you have activated the plugin, a connection will be established to Google’s servers and Google will collect data about which of our pages you have visited. Google collects further data about your browsing behavior when you are logged into your YouTube account. To prevent your usage data from being transferred to Google, you must log out of your YouTube account before you click on the YouTube links on our website.

You can obtain further information about the purpose and extent of data collection and the further processing and use of your data by YouTube and the data storage period from YouTube’s privacy policy. This can be found on the Internet at https://www.youtube.com/account_privacy. Here you will also find, for example, information about optional settings to protect your privacy and about your additional rights relating to the collection, processing, and use of your data by YouTube, and about how to withdraw your consent. If you do not have your own YouTube account, you can find the Google privacy policy at https://policies.google.com/privacy?hl=en-US.

c) Map services

(1) Google Maps

We use a plugin of the Internet service Google Maps on our website. The operator of Google Maps is Google Ireland Limited (for details of Google, see section 2.4 b)). Once you activate the Google Maps plugin on our website, information about the use of this website and your IP address is transferred to a Google server in the USA and also stored on this server. We have no knowledge either of the exact content of the data transferred or of how the data are used by Google. In this context, the company states that it does not connect the data with information from other Google services and the collection of personal data.

By activating the plugin, you consent to the information being collected and processed by Google as described. You can find more information about the privacy policy and terms of use for Google Maps here: https://www.google.com/help/terms_maps/

(2) Baidu Maps

We use a plugin of the Internet service Baidu on our website. The operator of Baidu Maps is Baidu Inc, Baidu Campus, No. 10 Shangdi 10th Street, Haidian District, Beijing, 100085 China (“Baidu”). Please note that we offer the Baidu service only to people outside the EU and the EEA. If you activate the Baidu Maps plugin on our website, information about the use of this website and your IP address is transferred to a Baidu server and also stored on this server. We have no knowledge either of the exact content of the data transferred or of how the data are used by Baidu. Therefore, we accept no liability for the processing of the data.

When you activate the plugin, you declare that you are outside the EU and the EEA and that you consent to the information being collected and processed by Baidu as described. You can find more information about the privacy policy and terms of use for Baidu Maps here: http://ir.baidu.com/baidu-statement-privacy-protection/

(3) Yandex.Maps

We use a plugin of the Internet service Yandex on our website. The operator of Yandex.Maps is YANDEX LLC, Ulitsa Lva Tolstogo 16, Moscow, 119021 Russia (“Yandex”). Please note that we offer the Yandex service only to people outside the EU and the EEA. If you activate the Yandex.Maps plugin on our website, information about the use of this website and your IP address is transferred to Yandex servers in Russia and the EEA and also stored on these servers. We have no knowledge either of the exact content of the data transferred or of how the data are used by Yandex. Yandex itself indicates that personal data collected via its services are aggregated and merged in your Yandex user account if you are logged into it while using Yandex.Maps on our websites. Therefore, we accept no liability for the processing of the data.

When you activate the plugin, you declare that you are outside the EU and the EEA and that you consent to the information being collected and processed by Yandex as described. You can find more information about the privacy policy and terms of use for Yandex.Maps here: https://yandex.com/legal/confidential/

2.5 Hyperlinks to social networks

We also have links on our websites to social media platforms where we have a profile. These consist of the icons of the social media platforms that have links to our pages on the relevant platforms. Social plugins (such as the Facebook “Like” button) are not integrated in these cases.

Our links to the social media services do not result in any of your data being transferred to these services. These are normal hyperlinks that generally do not involve any transfers of data. Clicking on the link will take you directly to our social media presence with the respective social media service. Data are only transferred if you are logged into your user account with the social media service in question.

By clicking on the links, you are personally responsible for the data transfer to the above-mentioned social networks because by logging into your social network account and following the link in question, you become actively involved and initiate the subsequent processing of data by the relevant social network.

Please refer to the privacy policy for our social media presence in section 3.

2.6 Analysis services

a) Google Analytics

We use the analytical tool Google Analytics for the statistical and analytical evaluation of certain data. This is a web analysis service provided by Google Ireland Limited (for details of Google, see section 2.4 b)).

We process the data collected by the analytical tool solely on the basis of your prior consent and in order to constantly improve the services and offers provided on our website and keep them available for our customers.

Google Analytics uses cookies (for more information on cookies, see section 2.3). The information generated by the cookies about your use of the website is usually transferred to a Google server in the USA and stored there. Our website uses IP anonymization for transferring data to Google. Before the data are sent, Google truncates and therefore anonymizes your IP address. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. For information on third-country transfers, please refer to section 1.5. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide us with other services relating to website and Internet use. The IP address transferred by your browser in the context of Google Analytics will not be merged with other Google data. You can prevent cookies from being stored by selecting the appropriate settings on your browser. However, please note that if you do so, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en).

For further information on how Google Analytics works and the relevant terms of use and privacy policy applicable to this service, please visit https://marketingplatform.google.com/about/analytics/terms/us/ and https://policies.google.com/privacy. Please also note that Google Analytics is used with the extension anonymizeIP on our websites and therefore IP addresses are processed only in truncated form in order to exclude the possibility of any reference being made to an individual person.

If you have given your consent (Art. 6(1)(a) GDRP), we use cross-device tracking on our websites to analyze your usage behavior. This means that we are able to recognize you as a registered user of our websites across different devices. An ID will be allocated to you for this purpose when you register on our website. This ID is recognized by Google Analytics when you log into our websites from different devices (e.g. cell phone, tablet). The data collected about you are summarized under the corresponding ID by Google and stored and made available to us on the basis of the ID only in pseudonymized form. We use these pseudonymized usage profiles to be able to make your shopping experience on our website even more personal and more tailored to your needs.

Withdrawal of consent

You can also prevent Google from collecting the data relating to your use of the website and from processing the data by downloading and installing the browser plugin available at the following link (http://tools.google.com/dlpage/gaoptout?hl=en). In addition, you can withdraw your consent as described in section 2.3 e) above.

b) Salesforce Pardot

On our websites we also use the Salesforce Pardot analysis services provided by Salesforce (for details of Salesforce, see section 2.2 c)). If you have consented to this (Art. 6(1)(a) GDPR), Salesforce Pardot in combination with cookies enables us to recognize you as a visitor to our websites and to record and analyze your user behavior in pseudonymized form. This allows us to offer you better, more convenient and more personalized services. These data will be linked with an existing customer profile in our customer database, which enables us to provide you with personal and individual advice if necessary. The personal data processed by Salesforce Pardot is processed only on our behalf and in accordance with our instructions.

Pardot stores cookies if you have consented to this and providing that no cookies of this kind have already been stored on your device (for more information on cookies, see section 2.3). We use the Pardot cookies to analyze your usage of our websites, so that we can continuously improve them. You can find information about Pardot tracking at https://help.salesforce.com/s/articleView?id=pardot_admin_tracker_domain_visitor_tracking.htm&type=5&language=en.

Withdrawal of consent

You can withdraw your consent at any time, with future effect, by following the instructions in section 2.3 e). However, this can result in restrictions on the functions and user friendliness of our websites.

2.7 Marketing services

a) LinkedIn Insight Tag

Our website uses the “LinkedIn Insight Tag” conversion tool from LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). This tool stores a cookie in your web browser that allows the following data to be collected: IP address, device properties, browser properties, and page events (e.g. page visits), demographic data from LinkedIn if the user is an active LinkedIn member, last URL visited, time information. These data are encrypted by LinkedIn, pseudonymized within seven days and the pseudonymized data are erased within 90 days. We and LinkedIn act as joint controllers for the processing of this data. You can see the agreement on this subject at LinkedIn and in section 3.4. You can find more information about the cookies stored in this context in section 2.3, at https://www.linkedin.com/help/linkedin/answer/a427660, and in the LinkedIn privacy policy at https://www.linkedin.com/legal/privacy-policy.

This technology enables us to produce reports on the effectiveness of our advertising and information on website interaction and to display targeted advertising on LinkedIn (conversion tracking), without us identifying you as a website visitor. However, LinkedIn can connect your data to your LinkedIn profile if you are logged into LinkedIn when you visit our website. We process your data to evaluate events and to collect information about website visitors who may have reached us via LinkedIn. We process your data because you have consented to this in accordance with Art. 6(1)(a) GDPR and we store your data for as long as necessary for the respective purpose (event evaluation) and provided that you have not objected to the storage of your data or withdrawn your consent. If LinkedIn transfers the data to its own parent company in the USA, this transfer takes place on the basis of the standard contractual clauses of the EU Commission. For information on third-country transfers, please refer to section 1.5.

You can object to your data being processed by LinkedIn via the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Withdrawal of consent

LinkedIn members can control the use of their personal data for advertising purposes in their account settings. To deactivate the Insight tag on our websites, please follow the instructions in section 2.3 e).

b) Google Ads (Google AdWords Remarketing)

On our websites we use remarketing services from Google as an online marketing measure (for details of Google, see section 2.4 b)). This allows us to show visitors to our websites ads relating to their interests on other websites in the Google advertising network, in Google searches, and on YouTube. To do this, we analyze the interactions of visitors to our websites, e.g. the offers they were interested in, in order to be able to display targeted ads to these visitors on other websites after they have visited our websites.

Google stores cookies for this purpose on the visitors’ devices. These cookies are listed in section 2.3. The visits are recorded using these cookies. In this context, we collect the following personal data of visitors to our websites: duration of visit, IP address, pages visited, content of interest to the visitor, and website usage.

The data are processed in the European Union. However, the information about your use of our websites may be transferred to a Google server in the USA or in another country outside the EU and the EEA and stored there (namely Singapore, Taiwan, or Chile). The recipients of the data are Google LLC and Alphabet Inc., both of which belong to the Google Group. If the data are transferred to the USA, there is the risk that your data will be processed by the US authorities for control and monitoring purposes, without the possibility of you being able to seek a judicial remedy. This can be the case for different purposes, e.g. storage or processing. The transfer of data to third countries that do not provide adequate data protection is based on the standard contractual clauses of the EU Commission. For information on third-country transfers, please refer to section 1.5.

For more information, please refer to the Google privacy policy at https://policies.google.com/privacy?hl=en-US.

Withdrawal of consent

We obtain your prior consent to the processing of your data (Art. 6(1)(a) GDPR), which you can withdraw at any time with future effect by following the instructions in section 2.3 e).

2.8 Advertising messages (e.g. email newsletters, newsletter tracking)

In order to make additional information on our offering available to you, we enable you to subscribe to newsletters on some of our websites. We obtain your consent to the processing of data for the advertising messages referred to below as part of the subscription process and we refer to this privacy policy.

The legal basis for the processing of data after you have subscribed to these services is Art. 6(1)(a) GDPR. The purpose of collecting your email address is to send you the newsletter. The collection of other personal data as part of the subscription process is intended to prevent the misuse of the services or of the email address that is used.

The data are erased as soon as they are no longer needed for the purpose they were collected for. Your email address will be stored for as long as your subscription to the information service is active.

You can cancel your subscription to the services at any time. Each newsletter contains a corresponding reference to this. This also makes it possible for you to withdraw your consent to the storage of personal data collected during the subscription process.

a) Corporate information and financial reports of Dürr AG

We offer you the opportunity to receive corporate information and financial reports via our ordering service.

To send email messages to our customers, we use the advertising service of the provider EQS Group, Karlstr. 47, 80333 Munich, Germany (“EQS”). The data referred to below are processed by EQS on our behalf and stored for this purpose on the servers of EQS in Germany. EQS uses your data only to send the advertising messages.

The data collected from the input screen are transferred to us during the registration process.

  • Company
  • Department
  • Position in the company
  • First name and last name
  • Address
  • Email address
  • Telephone number (optional)
  • Fax number (optional)
  • Cell phone number (optional)

b) Online publications of Dürr AG and newsletter tracking

It is also possible to receive information about online publications of the Dürr Group via our newsletter. The data collected from the input screen are transferred to us during the registration process.

Salesforce Pardot:

We use the advertising email service Salesforce Pardot to send newsletters to our customers and to evaluate them (for details of Salesforce, see section 2.2 c)). The data referred to below are processed by Salesforce on our behalf. This involves the data being transferred to the USA. Salesforce has issued binding corporate rules (available at https://www.salesforce.com/content/dam/web/en_us/www/documents/legal/misc/Salesforce-Processor-BCR.pdf), which ensure that the data are transferred securely. For information on third-country transfers, please refer to section 1.5.

The following data are processed in this context:

  • Email address
  • Company (optional)
  • Salutation and title (optional)
  • First name and last name (optional)
  • Street address (optional)

The newsletters sent on our behalf by Salesforce contain a tracking pixel that transfers information to Salesforce when you open the newsletter. We then download this information from the Salesforce servers to generate statistical analyses and to evaluate the success of our newsletter campaigns. The data that are collected are also used to send you information that corresponds to your specific interests.

This information allows us to determine whether the newsletters are opened, when they are opened, and which links within the newsletter are clicked on. We use the analyses primarily to identify the degree of interest in specific topics and to measure the effectiveness of our communication measures. We collect your data only after you have subscribed to the service and have specifically consented to your data being collected and stored for this purpose. In this case, the legal basis for the processing of your data is the consent you have given in accordance with Art. 6(1)(a) GDPR.

SC-Networks:

As an alternative to Salesforce Pardot, we use the advertising email service of the provider SC-Networks GmbH, Würmstraße 4, 82319 Starnberg, Germany ("SC-Networks") to send the newsletter. The data named below is processed by SC-Networks on our behalf and stored for this purpose on the servers of SC-Networks in Germany.

  • Email address
  • Company (optional)
  • Salutation and title (optional)
  • First name and last name (optional)
  • Street address (optional)

The newsletters sent on our behalf by SC-Networks contain a tracking pixel that transmits information to SC-Networks as soon as the newsletter is opened by you. This information is then retrieved by us from the servers of SC-Networks in order to generate statistical evaluations and to be able to measure the success of our newsletter campaigns. In addition, the data obtained is used to send you information that corresponds to your specific interests.

This information allows us to determine whether the newsletters are opened, at what time they are opened and which links are clicked within the newsletter. The evaluations serve us predominantly to determine the degree of interest in certain topics and to measure the effectiveness of our communication measures. For this purpose, we only collect your data if you have expressly consented to the collection and storage of your data for this purpose when you subscribe to the service. In this case, the legal basis for the processing of your personal data is the consent you have given pursuant to Art. 6 (1) p. 1 lit. a DSGVO.

Withdrawal of consent

You can withdraw your consent to newsletter tracking at any time by clicking on the corresponding link in each newsletter or by sending an email to info[at]durr.com.

2.9 Your rights as a data subject

In section 1.3, we describe in detail the rights you have in relation to our processing of your data.

3. Privacy information relating to our social media presence

Below you can find out what we do with your data when you visit our social media pages. This section 3 applies in addition to the general information in section 1. If you cannot find the necessary information in this section 3, please refer to section 1 (e.g. concerning the rights of the data subject in section 1.3). If there is a conflict between the general information and this specific information, the information in this section 3 takes precedence over section 1.

Please note that we have provided additional information about features and tools that we use on our websites and that are supplied by social media providers (e.g. plugins, cookies, etc.) in sections 2.3-2.8.

The information below is structured as follows: Firstly, we provide you with general information in section 3.1 that applies to our presence on all social media platforms. Additional, specific information about our presence on each individual social media platform can be found in sections 3.2 to 3.8.

3.1 Who is the data controller with responsibility for processing data?

Dürr AG (details in section 2.1) maintains our social media presence. Visiting our social media pages results in a variety of data being processed. As the operator of these social media pages, we are the joint data controllers, together with the network operators, in accordance with Art. 4(7) GDPR.

a) Which social media platforms do we have a presence on?

We have a social media presence on the following networks:

  • Facebook: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Facebook”, details in section 3.2);
  • Instagram: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (“Instagram”, details in section 3.3);
  • LinkedIn: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”, details in section 3.4);
  • YouTube: YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066, USA, represented by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“YouTube”, details in section 3.5);
  • Twitter: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland (“Twitter”, details in section 3.6);
  • Xing: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany (“Xing”, details in section 3.7);
  • Kununu: NEW WORK AUSTRIA, XING kununu Prescreen GmbH, Schottenring 2-6, 1010 Vienna, Austria (“Kununu”, details in section 3.8).

b) What purposes are my data processed for?

Dürr maintains a presence on social media platforms to give you an in-depth insight into our offering and our everyday business activities with the aim of arousing your interest in us as your (future) business partner or as your (future) employer.

 

  • Information made public: In individual cases, Dürr can only access the information in your profile that you have made public (for example, your user name, the content published in your profile, and the actions that you take in relation to it, e.g. if you like or share a post). You can find out which information this is under your profile settings. In addition, you have the option to stop following our social media presence. If you do so, your profile will no longer appear in the list of fans (linked contacts) on this social media presence.
  • Making contact: We process your data if you make contact with us via our social media presence, e.g. if you send us a direct message via the network or if you like, share, or comment on one of our posts or if you mention us in a post or if we like, share, or comment on one of your posts. We will use your data (such as your first name, last name, message) so that our customer support can respond to your request.
  • Analysis of usage behavior: We use analysis technologies provided by the network operators to carry out statistical evaluations of the response to our social media presence from visitors. This enables us to adjust and optimize our offering to correspond with visitors’ interests. For this purpose, the network operators store cookies and similar technologies, e.g. pixels, during visits to our social media pages. Many network operators make use of third-party services (e.g. Google Analytics) for this purpose. Registered users can be identified by the network operators. As well as producing the statistics about page use that have been referred to, this processing also helps to improve the advertising displayed by the network operators via the network and on third-party pages.

The legal basis for the data processing is Art. 6(1)(f) GDPR and our legitimate interest in answering your inquiry, offering you services and products that correspond with your interests, and improving our offering and our social media presence, and adapting it to the needs and interests of our visitors. The same applies if you send us your request via a form on the network. You can find details of processing in the context of CRM in section 4.4. If social media providers store cookies or similar technologies on our website for analysis or marketing purposes, we will obtain your consent. For details, please refer to section 2.3.

Right to object

In section 1.3 we explain your right to object to the processing of your data on the basis of Art. 6(1)(f) GDPR.

Note: Processing by network operators and third parties: Please note that network operators also process the data that you have voluntarily made publicly available when you visit and use our social media presence (e.g. reading, commenting on, or liking a post). In addition, network operators also process log data (e.g. your IP address, browser and device information, most recently visited page, location, time stamp, settings). If you have logged into the network using your own profile, the network can assign these data to your profile. Partners of the network operator and third parties can also store cookies via social media networks to provide services to companies that advertise on the networks. This processing is based on the general terms and conditions and privacy policy of the network in question. You will find links to these below. We cannot track or influence processing of this kind.

c) Facelift social media management tool

To manage our social media presence effectively, we use Facelift Cloud from Facelift Brand Building Technologies GmbH, Gerhofstrasse 19, 20354 Hamburg, Germany (“Facelift”).

Facelift Cloud is a platform that supports our processes and enables us to take digital marketing measures with a focus on social media. Facelift Cloud allows content to be added to our presence on social media networks such as Facebook, Instagram, Xing, LinkedIn, Pinterest, YouTube and Twitter, the use of the content by visitors to be evaluated, the social media presence to be adapted to users’ needs, and the presence to be moderated. Facelift provides us with evaluations of the use of our presence on different social media channels. The analysis data are anonymized by Facelift from the start. Facelift stores the messages sent to us via our social media presence for a maximum of one year. For these purposes, Facelift processes the personal data, referred to in section 3.1 b), belonging to users of and visitors to our social media presence as our processor.

This data processing is based on Art. 6(1)(f) GDPR. We have a legitimate interest in analyzing the use of our social media presence and in rapid and efficient communication in order to improve our customer service, the customer experience on our social media presence, and our advertising.

You can find more information about data protection at Facelift Brand Building Technologies GmbH at: https://www.facelift-bbt.com/en/imprint

Right to object

In section 1.3 we explain your right to object to the processing of your data on the basis of Art. 6(1)(f) GDPR.

d) Meltwater social media management platform

We use the all-in-one platform from Meltwater Deutschland GmbH, Rotherstrasse 22, 10245 Berlin, Germany (“Meltwater”), which enables us to manage our social media presence and, at the same time, to monitor traditional online media. The tool analyzes our activities and provides us with information about PR reports relating to us. Meltwater searches publicly available information on our behalf from the following sources among others: Twitter, blogs, forums, Facebook, YouTube, Instagram, Reddit, evaluations, Pinterest, TikTok (you can find information about our social media presence in section 3.1 a)). Meltwater crawls these data sources searching for keywords and relevant themes that we have defined in advance. We receive the results in the form of a dashboard that gives an overview of the previous 15 months. Meltwater anonymizes user data and does not make it available to us. You can find further information about data processing by Meltwater in the Meltwater privacy policy at: https://www.meltwater.com/en/privacy. The data processing is based on our legitimate interest (Art. 6(1)(f) GDPR) in analyzing and managing our media coverage.

Right to object

In section 1.3 we explain your right to object to the processing of your data on the basis of Art. 6(1)(f) GDPR.

After this general information, we have provided you below with information about each individual offering:

3.2 Facebook (Fan page)

Dürr maintains a fan page on Facebook (for details of Facebook, see section 3.1 a)). .

The operator of Facebook is Meta Platforms, Inc. (“Meta”, formerly Facebook, Inc.), 1601 Willow Road, Menlo Park, CA 94025, USA. On the basis of the standard contractual clauses of the EU Commission, Facebook transfers personal data to Meta (for more information on third-country transfers, please refer to section 1.5).

The Facebook terms of service that you can find at the following link apply https://www.facebook.com/terms. You will find information about data collection and other processing by Facebook in Facebook’s data policy: https://facebook.com/about/privacy/

Facebook Insights: Whenever a user makes a visit to our fan page, some of the user’s personal data are collected, e.g. by using cookies. The data are collected primarily by Facebook. You can find details of how Facebook uses cookies in Facebook’s cookie policy at: https://www.facebook.com/policies/cookies/. Visitors to our fan page who are not logged in or registered with Facebook are also recorded.

Dürr has no direct access to the data collected by Facebook. Instead, Facebook provides us only with highly summarized evaluations, e.g.:

  • Followers: Number of people following Dürr, including the growth and development over a defined period.
  • Reach: Number of people who see a specific post. Number of interactions on a post. This indicates, for example, which content receives a better response from the community.
  • Ad performance: How many people have seen an ad?
  • Demographics: average age of visitors, gender, place of residence, language

We use these statistics, which cannot be traced to any particular user, to constantly improve our online offering on Facebook and to better meet our users’ needs. The legal basis for these usage statistics is Art. 6(1)(f) GDPR.

We cannot connect the statistical data to any of our fans’ profile data. You can go to your Facebook settings to choose how targeted ads will be shown to you.

We have reached an agreement with Facebook concerning the joint responsibility under Art. 26 GDPR. You can find the agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. In the agreement, Facebook acknowledges the joint responsibility under data protection law with regard to the Insights data and complies with key obligations under data protection law (e.g. information from data subjects, data security and reporting breaches of data protection, main contact point for data subjects).

In this particular case, you can exercise your rights as a data subject as follows:

  • If you have questions about the data collected by Facebook, please contact Facebook (you can find information about this in the Facebook data policy, see above).
  • If you have questions or concerns about the Insights data processed by Dürr, please contact our data protection officer (see section 2.1). You will find the remaining rights of data subjects in section 1.3.

3.3 Instagram

Dürr has a presence on the Instagram service provided by Facebook.

The operator of Facebook is Meta (you can find details of Facebook, Meta, and data transfers in sections 3.1 a) and section 3.2).

The Instagram terms of use that you can find at the following link apply https://help.instagram.com/581066165581870. You will find information about data collection and other processing by Facebook in Instagram’s data policy: https://help.instagram.com/519522125107875.

Instagram Insights: Whenever a user makes a visit to our Instagram presence, some of the user’s personal data are collected, e.g. by using cookies. The data are collected primarily by Facebook. You can find details of how Facebook uses cookies in Facebook’s cookie policy at: https://www.facebook.com/policies/cookies/. Visitors to our Instagram presence who are not logged in or registered with Instagram are also recorded.

We use the Instagram Insights function to obtain statistical evaluations of the readers of our posts. You can find details at: https://help.latest.instagram.com/788388387972460?helpref=hc_fnav. Dürr has no direct access to the data collected by Facebook. Please note the additional information about Facebook Insights data in section 3.2, which also applies to Instagram.

3.4 LinkedIn

Dürr maintains a presence on LinkedIn (for details of LinkedIn, see section 3.1 a)).

LinkedIn belongs to the LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, USA. Therefore, data can be transferred to the USA (for more information on third-country transfers, please refer to section 1.5). This transfer is covered by the standard contractual clauses of the EU Commission.

You can find more information about data protection at LinkedIn in the LinkedIn privacy policy: https://www.linkedin.com/legal/privacy-policy. You will find the conditions of use of LinkedIn at: https://www.linkedin.com/legal/user-agreement.

In accordance with the agreement that we have entered into with LinkedIn (available at https://www.linkedin.com/legal/l/dpa), LinkedIn will inform us if a user exercises their rights as a data subject under Art. 15 to 22 GDPR. LinkedIn will help us to answer requests for information. You can exercise your rights (for more information, see section 1.3) against us and against LinkedIn.

LinkedIn Page Analytics: In connection with our LinkedIn presence, we use LinkedIn Page Analytics. LinkedIn acknowledges its role as a joint controller (see the agreement that covers this and that is available at: https://legal.linkedin.com/pages-joint-controller-addendum). LinkedIn uses cookies, for example, to evaluate users’ behavior. From Page Analytics, we obtain information about the use of our content in the form of aggregated data that we cannot link to the profiles of our visitors. In the agreement referred to, LinkedIn accepts responsibility for the rights of data subjects. However, you can still contact us about this, as we explained in section 1.3.

For more information about how we use services from LinkedIn on our websites, please refer to section 2.7 a). You can object to LinkedIn processing your data for advertising purposes at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

3.5 YouTube

Dürr has a channel on the YouTube platform provided by YouTube LLC (for more details, see section 3.1.a)), a subsidiary of Google LLC with headquarters in the USA.

Any Google service may transfer your data that has been collected by Google to the USA (for more information on third-country transfers, please refer to section 1.5). The transfer takes place on the basis of the standard contractual clauses of the EU Commission.

YouTube Analytics: We receive statistics about the use of our channel, including the following aggregated and therefore anonymized information:

  • Total number of video views
  • Average video views per person and trend (falling/rising and by how much)
  • Number of subscribers and trend
  • Number of visitors
  • Interactions from viewers (likes, comments, shared content)
  • Time visitors spent watching videos on the channel
  • Reach of videos
  • Percentage of videos that users watch on average

Data are processed by the network operator on the basis of the terms of service (https://www.youtube.com/static?template=terms) and the Google privacy policy (https://policies.google.com/privacy). You can object to your data being processed by the network operator by changing the settings of your Google account here: https://adssettings.google.com/authenticated. You can find information about managing the privacy settings of your Google account here: https://support.google.com/youtube/topic/9257518?hl=en&ref_topic=9257107.

The agreement that we have reached with Google about our YouTube channel allows you to exercise your rights as a data subject against us (for more information, see section 1.3) and against Google.

3.6 Twitter

Dürr has a presence on Twitter (for more details of Twitter, see section 3.1.a)).

Twitter belongs to Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, and transfers data to the USA on the basis of the standard contractual clauses of the EU Commission (for more information on third-country transfers, please refer to section 1.5).

Twitter processes data on the basis of its terms of service (available at: https://twitter.com/en/tos) and the guidelines referred to there, in particular the Twitter privacy policy (available at: https://twitter.com/en/privacy).

Twitter Analytics: We use the Twitter Analytics statistics service, which records the activities of visitors to our Twitter account and processes the data to provide us with statistics. This gives us details about how the subscribers and other visitors to our Twitter account read and use our tweets and which countries and cities they come from and also provides statistics about their gender ratios, age distribution, providers, and interests (accumulated). It is not possible to identify individual visitors (the exception to this is the monthly evaluation of the top follower and top mention).

In the agreement entered into with us (which you can access here: https://privacy.twitter.com/en/for-our-partners/global-dpa), Twitter has undertaken to inform us in the event of inquiries from data subjects relating to our Twitter presence. For information about the rights of data subjects, please refer to section 1.3.

3.7 Xing

Dürr has a social media presence on Xing (for details of Xing, see section 3.1 a)).

You can find information about the way in which Xing processes your data (including the use of cookies and similar technologies) in the Xing general terms and conditions (available at: https://www.xing.com/terms) and in the Xing privacy policy (https://privacy.xing.com/en/privacy-policy).

Analysis: We are provided with statistical evaluations (e.g. Xing BrandManager and Recruiter Insights) of the accesses to our Xing presence (including click paths). Xing uses third-party providers (e.g. Google, Adobe) for this purpose, and the data may be transferred to third countries that do not provide adequate data protection (for more information on third-country transfers, please refer to section 1.5 and on Google Analytics to section 2.6 a)). We cannot identify individual visitors using these aggregated data. We use the statistical evaluations to improve the attractiveness of our presence and to adapt it to the interests of our visitors.

If users are logged into their Xing profile when they access our Xing presence, information can be assigned to the profile. In addition, we can see the information from the user account. If you want to prevent this from happening, you should log out of your own Xing profile before you visit our Xing presence.

Xing provides information about other ways to object to tracking by Xing and its service providers under the following link: https://privacy.xing.com/en/privacy-policy/information-we-automatically-receive-through-your-use-of-xing/provision-of-our-service. To exercise your rights as a data subject, please refer to section 1.3.

3.8 Kununu

Dürr has a social media presence on Kununu (for details of Kununu, see section 3.1 a)). Kununu belongs to Xing, and the basic conditions are the same in some cases (see section 3.7).

You can find information about the way in which Kununu processes your data (including the use of cookies and similar technologies) in the Xing privacy policy (see section 3.7), which also applies to Kununu. You can find the Kununu general terms and conditions at: https://www.kununu.com/de/info/agb.

Analysis: We have access to statistical evaluations of accesses and activities on our Kununu presence. The information provided about Xing (section 3.7) also applies in this case. For information about the rights of data subjects, please refer to section 1.3.

3.9 Your rights as a data subject

In section 1.3, we describe in detail the rights you have in relation to our processing of your data.

4. Privacy information relating to other data processing by companies in the Dürr Group not in connection with the websites

Below you can find out what we do with your data in our business activities that are not connected with our websites. This section 4 applies in addition to the general information in section 1. If you cannot find the necessary information in this section 4, please refer to section 1 (e.g. concerning the rights of the data subject). If there is a conflict between section 4 and section 1, the information in section 4 takes precedence over section 1.

4.1 Who is the data controller with responsibility for processing data?

This section covers data processing by the companies in the Dürr Group that are included in this list, unless the processing is based on the provision of the website (in which case sections 2 and 5 apply).

In the annex, you will also find the contact details of the data controller (the company that you are in contact with) and its data protection officer.

Alternatively, if you have any questions or concerns relating to data protection, you can also contact the data protection officer of Dürr AG by email at dataprotection[at]durr.com or by mail at

Dürr Aktiengesellschaft
Attn: Data Protection Officer
Carl-Benz-Str. 34
74321 Bietigheim-Bissingen
Germany

In many cases that are described in detail here, two or more companies of the Dürr Group are joint controllers with responsibility for processing the data (see section 4.4, for example).

4.2 Collection, storage and use of personal data

If you enter into a contractual relationship with us (e.g. if you place an order for our goods and services or if we award a contract to your company) or if a contractual relationship with you is planned or if we make contact with or provide information to companies or if we carry out customer satisfaction studies or product surveys, we collect the following information:

  • Master data (e.g. title, first name, last name, gender)
  • Communication data (e.g. business telephone number (landline and/or cell phone), valid email address, business mailing address)
  • Survey data (comments and evaluations provided by the customer) and log data (time stamp showing when the customer responded to the survey)
  • Data provided during the use of a training portal, e.g. participation details, evaluations, test results, and comments

These data are collected:

  • to be able to identify you or your company/your employer as our customer/potential customer for our services/supplier
  • to enter into a contractual relationship with you/your company/your employer
  • to fulfill the contract subsequently entered into with you/your company/your employer
  • to correspond with you for the purpose of entering into or fulfilling a contract
  • to issue invoices if a contractual relationship involving payment is entered into
  • to improve our customer service, services, and products
  • for marketing and advertising purposes
  • for the purposes of our legitimate interests

The data are processed at your request or as part of customer satisfaction studies and product surveys, and the processing is necessary in accordance with Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR (if you work for a company) for the specified purposes in order to enter into a contractual relationship and to allow both parties to fulfill their obligations under the contract that is subsequently concluded.

If you have given your consent to us processing your data for specific purposes, such as product advertising or marketing, this is based on Art. 6(1)(a) GDPR.

In addition, your personal data are processed for the purposes of our legitimate interests in accordance with Art. 6(1)(f) GDPR, including:

  • to improve the Dürr Group’s portfolio of products and services on your behalf
  • to produce statistical evaluations
  • to be able to pass your inquiry on to one of our distributors and to guarantee that the Dürr Group's IT systems and buildings are secure

The personal data we collect are stored until the purposes listed above no longer apply and are then erased, unless we are required to store the data for a longer period in accordance with Art. 6(1)(c) GDPR on the basis of legal retention and documentation requirements (e.g. in the German Commercial Code, Criminal Code, or Fiscal Code) or unless you have consented to the data being stored for a longer period in accordance with Art. 6(1)(a) GDPR.

4.3 Disclosure of your data

Your personal data will not be transferred to third parties except for the purposes listed below.

If this is necessary in accordance with Art. 6(1)(b) GPDR (or in accordance with Art. 6(1)(f) GDPR if you are representing a company) for the purpose of fulfilling a contract that we have entered into with you, your personal data will be transferred to third parties. These include in particular companies in the Dürr Group or its partners that we use as shipping and payment service providers or portal operators for the performance of the contract.

The data that are transferred may be used by these third parties only for the specified purposes.

In accordance with Art. 6(1)(f) GDPR, your personal data can also be transferred to third parties that we use for the purposes of our legitimate interests as described in section 4.2 (including marketing service providers, distributors, consultants, agencies, companies from the Dürr Group).

If this is necessary for us to provide a service, your personal data, which we have your consent to use for the purposes in accordance with Art. 6(1)(a) GDPR, will be transferred to partners (including advertising and shipping service providers, Dürr Group companies).

If the recipients referred to above process your data outside the EEA, please refer to section 1.5.

4.4 Joint CRM system that we operate as a joint controller

The companies in the Dürr Group operate a joint database (CRM system) and therefore act as joint controllers under the terms of Art. 26 GDPR.

You can find a list of the companies in the Dürr Group here. The data are stored only as long as required for the purpose they were collected for or as required by law or if we have a legitimate interest in storing them, for example, law enforcement.

If the data are transferred to Dürr companies outside the EEA, this is based on the standard contractual clauses of the EU Commission. Please also refer to the information on third-country transfers in section 1.5.

The CRM system is provided by Salesforce. The data are stored in the EU. Data may be transferred to companies in the Salesforce Group outside the EEA (for details of Salesforce, see section 2.2 c)).  

Internally we have drawn up a contract that divides the joint controller roles as follows: Data subjects can approach all joint controllers to exercise their rights as data subjects (for details of the rights of data subjects, see section 1.3).

The company in the Dürr Group that you provided your data to is your first point of contact. Dürr Systems AG is the controller responsible for the information obligations under Art. 13(f) GDPR and has overall responsibility for the CRM system. Within their scope of operations, the joint controllers are responsible for fulfilling the required reporting obligations and maintaining documentation; imposing confidentiality obligations on employees; explaining employees’ obligations under data protection law to them and ensuring the technical and organizational security of the data processing.

4.5 Your rights as a data subject

In section 1.3, we describe in detail the rights you have in relation to our processing of your data.

5. Privacy information relating to the event website

Below you can find out what we do with your data when you visit events.durr.com (our “event website”). This section 5 applies in addition to the general information in section 1. If you cannot find the necessary information in this section 5, please refer to section 1 (e.g. concerning the rights of the data subject).

If we refer to detailed information in sections 2 and 3 in the following, these sections also apply accordingly. If there is a conflict between section 5 and sections 1-3, the information in section 5 takes precedence over sections 1-3.

5.1 Who is the data controller with responsibility for processing data?

The data controller responsible for data processing in connection with the event website is:

Dürr Systems Aktiengesellschaft
Carl-Benz-Straße 34
74321 Bietigheim-Bissingen
Telephone +49 71 42 78 0
Fax +49 71 42 78 17 16

If your event is not organized by Dürr Systems AG, but by another Dürr Group company (details of the organizer can be found in the invitation email or event announcement on this website, for example), Dürr Systems AG and the respective Group company (also referred to as the “organizer”) act as joint controllers. You can find the names of contacts and their contact information here.

Internally we have divided up the joint controller roles as follows: Data subjects can approach both joint controllers to exercise their rights as data subjects (see Section 1.3). The organizer is responsible for the use of the contact information. Dürr Systems AG is the controller responsible for the information obligations under Art. 13(f) GDPR. Within their scope of operations, both joint controllers are responsible for fulfilling the required reporting obligations and maintaining documentation; imposing confidentiality obligations on employees; explaining employees’ obligations under data protection law to them and ensuring the technical and organizational security of the data processing.

Alternatively, you can also contact our data protection officer by email at dataprotection[at]durr.com if you have any questions or concerns relating to data protection.

5.2 What personal data are collected and stored and for what purposes?

On our event website, we organize digital networking events, product launches, presentations, discussion panels, meetings, and other events that visitors to our website can take part in (“events”).

a) Visiting the event website

When you use our event website, your personal data are logged, as described in section 2.2 a). The information there applies accordingly.

Cookie management tool:

On our event website, we also use the cookie management tool supplied by OneTrust, LLC (joint headquarters in the UK: Dixon House, 1 Lloyd’s Avenue, London, EC3N 3DQ; joint headquarters in the USA: 1200 Abernathy Rd NE, Building 600, Atlanta, GA 30328, USA, referred to in the following as “OneTrust”). The transfer of data is based on the standard contractual clauses of the EU Commission (for more information on third-country transfers, please refer to section 1.5).

Using the tool, we obtain your consent to store specific cookies on your device and document them in accordance with data protection legislation. You can also change your preferences at any time using the tool.

When you visit our website, a connection is made to the servers of OneTrust to obtain your consent and provide you with information about the use of cookies. Subsequently, OneTrust stores a cookie in your browser so that it can connect the consent you have granted and the withdrawal of this consent to you. The data that are collected in this way are stored until you ask us to erase them or erase the OneTrust cookie yourself or until the purpose for storing the data no longer applies. Any statutory obligations to store the data remain unaffected.

We use the OneTrust tool to obtain the consent required by law for the use of cookies. The legal basis for the processing of the consent is Art. 6(1)(c) GDPR. The use of the tools is based on our legitimate interest in using a specialist tool to provide transparent information about our cookies and about the management of website users’ consent (Art. 6(1)(f) GDPR).

You can find more information about how OneTrust processes your data here https://www.onetrust.com/privacy-notice/.

b) Logging in and registering

(1) HubSpot:
In connection with our event website, we use customer management, content management and marketing services provided by the service provider HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland (“HubSpot”).

(2) Microsoft:
We also use cloud services for contact management and in order to provide a simple solution for registering for all of our events (single sign-on) provided by Microsoft Ireland Operations Limited, 70 Sir Rogerson’s Quay, Dublin 2, Ireland (“Microsoft”, for more information see section 2.2 b)).

We use the services of both HubSpot and Microsoft as follows: For certain content on our event website (e.g. participating in an event, download center), we offer you the option of logging in with a user name and password. Registration for these services takes place either after personal contact with our employees or after registering on our website using the registration form, with access subsequently being granted by one of our employees. The registration form is used to collect the following data, in particular:

  • First name and last name, title
  • Company name
  • Position in the company
  • Email address
  • Any other information that you provide voluntarily, such as a photo, which you can upload, or your areas of interest.

These data are stored on HubSpot servers and can be transferred to associated companies of HubSpot, including HubSpot Inc., in the USA. The same applies to Microsoft and associated companies of Microsoft (for details of Microsoft, see section 2 d)). The transfer of data is based on the standard contractual clauses of the EU Commission (for more information on third-country transfers, please refer to section 1.5). Please read HubSpot’s privacy policy carefully at https://legal.hubspot.com/privacy-policy for more information on data processing by HubSpot. During the registration process, we specifically inform you about the transfer of your data and the increased risk to your data associated with this and obtain your consent to this (Art. 6(1)(a) GDPR), which you can withdraw at any time with future effect. Please note that participation/registration is not currently possible without this consent.

The legal basis for the processing of the data that you provide to us during registration is Art. 6(1)(b) GDPR for contracts that are implemented or, where there is no contract, Art. 6(1)(f) GDPR, and our legitimate interest, which is the same as the purpose of the processing, in other words, providing you with the information you requested and holding the event that you are interested in and have registered for. Participation without registration is not possible, because under some circumstances we provide confidential and internal company information via our website. We must ensure that this information is only accessed by authorized parties.

The data are erased as soon as they are no longer needed for the purpose they were collected for. For example, when the data are no longer required for the implementation of the contract. After the conclusion of the contract, it may be necessary to store the contractual partner’s personal data in order to comply with contractual or statutory obligations.

As a user, you can cancel your registration at any time. You can have your stored data modified at any time. Simply email us at info[at]durr.com.

If the data are necessary for the performance of a contract or for steps prior to entering into a contract, premature erasure of the data is only possible if this is not prevented by contractual or statutory obligations.

c) Contact options, chat function

We offer you various contact options, e.g. contact via the email addresses provided, a chat function, and a contact form, for certain functions of our website (e.g. inquiries from customers, visitors, or the press).

We use the services of HubSpot in this connection as well (see section 5.2 b)). The data transferred via the contact form or chat function, and the fact of its use, and the user’s data transferred in the email are stored. This includes the participants in the chat, the time and content of the messages, the users, and the forms they used. HubSpot evaluates this information in aggregated form against the total number of uses of the respective form.

We use your data solely to process your request and can contact you for this purpose using the contact data provided. The legal basis for processing data that are transferred in the course of contacting us is Art. 6 (1)(f) GDPR and our legitimate interest in responding to the inquiry. If the aim of making contact is to enter into a contract, then the legal basis for processing is Art. 6 (1)(b) GDPR.

The data are erased as soon as they are no longer needed for the purpose they were collected for. The personal data that you have sent to us for the purpose of making contact will be erased once the relevant conversation with you has come to an end. The conversation is deemed to have ended when it is clear from the circumstances that the matter in question has been conclusively resolved. We generally store the written transcript of the chat together with the conference for a period of four weeks after the chat occurred only insofar as separate erasure from the conference recording is not possible. However, under some circumstances we are entitled and, in some cases, obligated to store the data for longer, e.g. due to a statutory documentation obligation.

d) Video and audio chats and video conferences (e.g. webinars or presentations)

As a registered user of our website on the basis of Art. 6 (1)(b) GDPR, when you log in to the website you can visit dedicated chatrooms for your event, where you can speak to our employees, the moderators, and other guests. Additionally, on our website we offer the option of participating in video conferences of various types (e.g. webinars, presentations, panel discussions, networking events).

(1) Microsoft:
In this area, we work with a third-party provider, depending on the format and technology, such as Microsoft and its “Teams” video conference service. Please note the following information: Microsoft processes the personal data of the visitors to the events, which we organize using Microsoft Teams, as our processor (we remain the controller responsible for the processing). However, Microsoft also processes some data (e.g. data generated by cookies for measuring the use of the services or other telemetry data) for its own business purposes (e.g. invoicing and account management), for Microsoft internal reporting and business modeling (e.g. forecasts, revenue, capacity planning, product strategy), combating fraud, and improving core functionality. This applies regardless of whether or not you yourself have a Microsoft user account and whether or not you are logged in. Microsoft is a subsidiary of Microsoft Corporation in the USA. It is therefore possible that your data may be transferred to a data center in the USA. The transfer is based on the standard contractual clauses of the EU Commission and on additional assurances made by Microsoft to the users. Please refer to the general Microsoft privacy policy at https://privacy.microsoft.com/en-US. We base our use of services such as Teams and the processing of the provider associated with this for its own limited purposes on Art. 6(1)(f) GDPR and our legitimate interest in holding the events in digital form.

(2) b&b Digital GmbH:
To live stream an event, we use the service provided by b&b Digital GmbH (“b&b”). b&b processes the personal data of the visitors to our events, where we use the streaming service of b&b, as our processor (we remain the controller responsible for the processing). b&b collects the following personal data: Login and logout are stored with the time stamp, name and IP address. Additionally, the streams may be recorded (see “Recordings”). We base our use of the streaming service of b&b and the processing associated with this on Art. 6(1)(f) GDPR and our legitimate interest in holding the events in digital form.

(3) Sli.do:
We use the chat function of the service provider sli.do s. r. o., Vajnorská 100/A, 831 04 Bratislava, Slovakia (“slido”), which is part of the Cisco Systems Inc. Group and which, as our processor, processes personal data of the participants (e.g. name, email, company), as well as data shared by the participants with other participants via the service (e.g. questions, ideas, chat messages). We base our use of slido’s service and the processing associated with this on Art. 6(1)(f) GDPR and our legitimate interest in communicating with the participants while holding the events in digital form. If slido transfers the data to third countries, this transfer is based on standard contractual clauses.  

(4) Vimeo:
For the purposes of video streaming, we use the services of Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA (“Vimeo”). When you view the video stream, information (including your IP address, time stamp, browser, operating system, device information, use behavior, etc.) is sent directly to the Vimeo servers and transferred to the USA. If you are logged into Vimeo, Vimeo can directly associate your visit to our website with your Vimeo account.

In accordance with Art. 6(1)(a) GDPR, our data processing is based on your consent, which you give when you register and can withdraw at any time with future effect. Your consent includes the transfer of your personal data to the USA.

If you do not want Vimeo to directly associate the data collected via our website with your Vimeo account, you must log out of Vimeo before visiting our website. Please consult the Vimeo privacy policy for information about the purpose and scope of the data collection by Vimeo and the additional processing and use of the data by Vimeo: http://vimeo.com/privacy.

Recordings:
In individual cases, a recording may be made of the chat, your participation, or your spoken message. By switching on your camera or your microphone and participating in our event, you consent (in accordance with Art. 6(1)(a) GDPR) to the recording of your image and/or your voice. If you do not want your voice or image to be recorded, you can withdraw your consent at any time by switching off your camera and/or your microphone. Please note that withdrawal does not affect the lawfulness of any processing that had already occurred. Even if you switch off your microphone and/or your camera, it is possible to ask questions in writing, either during the event or afterwards.  We store the chats for a period of four weeks after they were recorded, unless separate erasure from the conference recording is not possible, e.g. because you asked a question during a conference and your spoken message was recorded along with the conference. Depending on the event, we keep the recording of the event accessible on the Internet for as long as we deem reasonable. However, under some circumstances we are entitled and, in some cases, obligated to store the data for longer, e.g. due to a statutory documentation obligation.

e) Advertising messages (e.g. email newsletters, invitations)

You can register on our website for advertising messages from Dürr AG (e.g. newsletters) to obtain more detailed information about our offering or to receive invitations to future events. For details, please refer to section 2.8.

Future invitations (tracking)

If you also want to be invited to our events in the future, you can register for the corresponding information service, which is also provided by our service provider HubSpot (for details of HubSpot, see Section 5.2.b)).

HubSpot Tracking

The invitation emails sent by HubSpot on our behalf contain a tracking pixel, which transfers information to HubSpot when you open the email. We receive this information from HubSpot’s servers to generate statistical analyses, to measure the success of our invitations, and to check whether you were invited, when you register for a future event. The tracking pixel in the emails is used to track whether the email or a link in the email was opened and also, in some cases, for how long. If an email is sent to multiple recipients, it is not possible to know who opened the email/link, but only that the email or link was opened by one of the addressees. This information is also used to produce anonymized analyses, statistics, and evaluations.

5.3 Cookies

We use cookies on our website. For details, please refer to section 2.3, which also applies to the event website.

The following cookies in particular are used on the event website.

Name of cookie Type of cookie Name of application Purpose of cookie Storage duration
__hstc  Technically required  Webinar assignment (HubSpot)  To check whether a user is entitled to take part in an event, it is necessary for the user to be recognized.  For this purpose, the cookie contains the domain, the user token (utk), the first time stamp (of the first visit), the last time stamp (of the last visit), the current time stamp (of this visit), and the number of sessions (increases with every subsequent session).  13 months
hubspotutk  Technically required  Webinar assignment (HubSpot)  This cookie tracks the identity of a user. It is transferred to the HubSpot software when a form is submitted and used to de-duplicate contacts (in other words, to merge identical data sets) in order to prevent a new data set being added for a user every time they access a platform.  13 months
__hssc  Technically required  Webinar assignment (HubSpot)  This cookie is used to determine whether the HubSpot software needs to increase the number of sessions and the time stamp in the __hstc cookie (see this cookie).  30 minutes
__hssrc  Technically required  Webinar assignment (HubSpot)  Whenever the HubSpot software changes the session cookie, this cookie is stored. It is used to determine whether the user has restarted the browser.  Until the end of the session
__cfruid  Technically required  Cloudflare This cookie is used by Cloudflare to guarantee confidential access. All cookies stored by other websites are ignored during the access.  12 months
Optanonconsent  Technically required  Cookie compliance tool (OneTrust)  This cookie is stored by the OneTrust cookie compliance solution. It stores information about the categories of cookies that the website uses and about whether users have given or withdrawn their consent to the use of every category.  12 months
OptanonAlertBoxClosed Technically required  Cookie compliance tool (OneTrust) This cookie is used to determine whether the banner should be displayed to the user or whether the user has already confirmed this. 12 months
li_fat_id Marketing LinkedIn This cookie is an indirect identifier for members that is used for conversion tracking, retargeting, and analyses. 30 days
lidc Marketing LinkedIn This cookie facilitates data center selection. 24 hours
bcookie Marketing LinkedIn Browser identifier 2 years
UserMatchHistory Marketing LinkedIn This cookie synchronizes the IDs of LinkedIn ads. 30 days
li_giant Marketing LinkedIn Indirect identifier for groups of LinkedIn members that is used for conversion tracking. 7 days
BizographicsOptOut Marketing LinkedIn This cookie is used to determine the opt-out status for third-party tracking. 10 years
x-ms-cpim-admin Functionality Azure AD Contains cross-client data on the user’s membership: Clients that a user belongs to and the level of membership (“admin” or “user”). End of the browser session
x-ms-cpim-slice Functionality Azure AD For transferring requests to the corresponding production instance. End of the browser session
x-ms-cpim-trans Functionality Azure AD For tracking transactions (number of authentication requests to Azure AD B2C) and the current transaction. End of the browser session
x-ms-cpim-sso:{Id} Functionality Azure AD For managing the session with single sign-on (SSO). This cookie is set to persistent if persistent is activated. End of the browser session
x-ms-cpim-cache:{id}_n Functionality Azure AD For managing the request status. End of the browser session, successful authentication
x-ms-cpim-csrf Functionality Azure AD Token for cross-site request forgery (CSRF) to protect against CSRF attacks. End of the browser session
x-ms-cpim-dc Functionality Azure AD For Azure AD B2C network routing. End of the browser session
x-ms-cpim-ctx Functionality Azure AD Context End of the browser session
x-ms-cpim-rp Functionality Azure AD For storing membership data for the resource provider client. End of the browser session
x-ms-cpim-rc Functionality Azure AD For storing the relay cookie. End of the browser session

5.4 Disclosure of your data

We can disclose your data to third parties as described in section 1.2.

We can also disclose your data to our IT service providers that help us to provide the website, send invitations, hold events, etc. (e.g. Microsoft, HubSpot, and Thema AG, which helped us to set up the website).

5.5 Integration and use of social networks and map services (cookies, plugins, and hyperlinks)

Please refer to sections 2.4 and 2.5, which also apply to the event website, for information about the integration (e.g. via links and plugins) by us and the integration of map services. You can find privacy information relating to our use of social networks in section 3.

5.6 Use of analysis and marketing services

Please refer to sections 2.6 and 2.7, which also apply to the event website, for information about use of analysis and marketing services.

5.7 Your rights as a data subject

In section 1.3, we describe in detail the rights you have in relation to our processing of your data.

6. Privacy information relating to job applications

Below you can find out what we do with your data when you send us a job application. This section 6 applies in addition to the general information in section 1. If you cannot find the necessary information in this section 6, please refer to section 1 (e.g. concerning the rights of the data subject).

If we refer to detailed information in sections 1-5 in the following, these sections also apply. If there is a conflict between section 6 and sections 1-5, the information in section 6 takes precedence over sections 1-5.

6.1 Who is the data controller with responsibility for processing data?

This section 6 covers data processing relating to your job application by the companies in the Dürr Group that are included in this list, unless the processing is based on the provision of the website (in which case sections 2 and 5 apply). The company that you apply to is always the controller responsible for processing your application data. In the list under the link, you will find the contact details of the controller and the relevant data protection officer. Alternatively, if you have any questions or concerns relating to data protection, you can also contact the data protection officer of Dürr AG by email at dataprotection[at]durr.com or by mail at

Dürr Aktiengesellschaft
Attn: Data Protection Officer
Carl-Benz-Str. 34
74321 Bietigheim-Bissingen
Germany

6.2 Collection, storage and use of personal data

When you apply to a company in the Dürr Group, you provide the company with your personal data for the purposes of a job application, because you are looking for a job. Your data will be stored and processed on the IT systems of our external provider of recruitment management services.

During the application process, we collect the following information:

  • Master data (e.g. title, first name, last name, date of birth, place of residence)
  • Documents (e.g. references, certificates, CV, motivation letter)
  • Data for paying travel expenses (e.g. bank details)
  • Communication data (e.g. phone number (landline and/or cell phone), email address, mailing address)
  • Log data generated during the use of the IT systems

The data are processed at your request and in relation to your application, and the processing is necessary in accordance with Art. 6(1)(b) GDPR in order to enter into a contractual relationship and to allow both parties to fulfill their obligations under the employment contract that may subsequently be concluded. Within the Dürr Group company that you apply to, only the people and departments involved in the recruitment process (e.g. managers and employees who are involved in the recruitment process from the technical department and HR and employee representatives) have access to your personal data.

If you have also given your consent to us processing your data for specific purposes, this is based on Art. 6(1)(a) GDPR. In addition, your personal data are processed for the purposes of our legitimate interests in accordance with Art. 6(1)(f) GDPR, among other things to produce anonymized statistical evaluations.

The personal data we collect are stored until the purposes listed above no longer apply and are then erased, unless we are required to store the data for a longer period in accordance with Art. 6(1)(c) GDPR on the basis of legal retention and documentation requirements (e.g. in the German Commercial Code, Criminal Code, or Fiscal Code) or unless you have consented to the data being stored for a longer period in accordance with Art. 6(1)(a) GDPR.

6.3 Disclosure of your data

Your personal data will not be transferred to third parties except for the purposes listed below.

The data from your application can be transferred within the Dürr Group in relation to another job advertisement in accordance with Art. 6(1)(a) GDPR if you are a match for the other job and if you have given your consent to your data being transferred for this purpose.

To take steps prior to entering into a contract as part of the recruitment process, your data will be transferred to third parties in accordance with Art. 6(1)(b) GDPR. These include our external provider of recruitment management services. The data that are transferred may be used by these third parties only for the specified purposes.

For the purposes of the legitimate interests referred to in section 6.2 in accordance with Art. 6(1)(f) GDPR, your personal data will only be transferred to our external provider of recruitment management services for the creation of anonymized statistical evaluations.

If the recipients referred to above process your data outside the EEA, please refer to section 1.5.

6.4 Your rights as a data subject

In section 1.3, we describe in detail the rights you have in relation to our processing of your data.