Privacy policy of
dkd Internet Service GmbH

Chapter overview:

I. General information
II. Collection and processing of personal data
III. General information on data processing
IV. Provision of the website and creation of log files
V. Use of cookies
VI. Newsletter
VII. Registration
VIII. Contact form and email contact
IX. Duty to provide information for applicants
X. Web analysis by Matomo (formerly PIWIK)
XI. Use of social networks (social media)
XII. Use of Cloudflare as front-end hosting – content refers to mach.dkd.de
XIII. Rights of the data subject

I. General information

dkd Internet Service GmbH – hereinafter referred to as dkd – appreciates your visit to our website and your interest in our company. We want you to feel confident that your data is in good hands with us.
We attach the utmost importance to the protection of personal data. We comply with data protection regulations when collecting, processing and using your personal data.

This privacy policy applies only to our websites. If you are redirected to other sites via links on our pages, please refer to their respective privacy policies for information on how they handle your data.

II. Collection and processing of personal data
 

Personal data is any data that allows you to be identified (e.g. name, address, telephone number, email address).
We only collect, process and use personal data, in particular inventory data, in accordance with the applicable regulations if this is necessary for business transactions (e.g. when contacting us, for customer enquiries, for contract processing or when registering for our newsletter).
Data and information in connection with applications that we receive from you via online forms or other means will be treated as strictly confidential and used exclusively for the purpose for which it was provided.

I. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

dkd Internet Service GmbH
Kaiserstraße 73
60329 Frankfurt / Main
Tel.: +49 69 2475218-0
E-Mail: info@dkd.de
Website: dkd.de

II. Name and address of the data protection officer
The data protection officer of the controller is:

Kircher Datenschutz
Telegraphengasse 1
36037 Fulda

Tel.: 0661 / 960906-30
Email:

III. General information on data processing

1. Scope of processing personal data
We only process our users' personal data to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data is generally only carried out with the user's consent. An exception applies in cases where it is not possible to obtain prior consent for practical reasons and the processing of the data is permitted by law.

2. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6 (1) lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6(1)(d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.

3. Data deletion and storage period
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Storage may also take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

IV. Provision of the website and creation of log files

1. Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

  1.  IP address
  2. Cookie, to distinguish between different visitors
  3. Previously visited URL (referrer), if transmitted by the browser
  4. Name and version of the operating system
  5. Name, version and language settings of the browser
  6. URLs visited on this website
  7. Times of page views
  8. Type of HTML requests
  9. Screen resolution and colour depth
  10. Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, Windows Media, QuickTime, RealPlayer, Director, SilverLight, Google Gears)
  11. Date and time of your access to the site

The date, time and IP address are also stored in our system's log files. This data is not stored together with other personal data relating to the user.

2. Legal basis for data processing
The legal basis for the temporary storage of data and log files is Art. 6 (1) lit. f GDPR.

3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.

The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not evaluated for marketing purposes in this context.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 (1) lit. f GDPR.

4. Duration of storage
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of data collected for the provision of the website, this is after 14 days.

In the case of data storage in log files, this is done after fourteen days at the latest. Storage beyond this period is possible. In this case, the IP addresses of users are deleted or anonymised so that it is no longer possible to identify the accessing client.

5. Right to object and right to erasure
The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Consequently, there is no right to object on the part of the user.

V. Use of cookies

1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is accessed again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

The following data is stored and transmitted in the cookies:

Technical cookies:

  1. shop.dkd.de: Time zone (server)
  2. klaro - Stores the status of cookie consent settings

Session cookies:

  1. shop.dkd.de: Session identifier (CSRF)
  2. shop.dkd.de: Login status

Third-party cookies:

Provider

Name of cookie

Storage duration

Description

Google

.doubleclick.net

test_cookie

15 minutes

Set on a trial basis to check whether the browser allows cookies to be set. Does not contain any identifying features.

Google

.youtube.com

YSC

Session

Registers a unique ID to keep statistics on the YouTube videos that the user has watched.

VISITOR_INFO1_LIVE

3 months

Attempts to estimate user bandwidth on pages with embedded YouTube videos.

PREF

5 years

May store the user's settings and other information, in particular the preferred language (e.g. English), how many search results should be displayed per page (e.g. 10 or 20) and whether the Google SafeSearch filter should be activated.

GPS

1 day

Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.

Vimeo

.vimeo.com

vuid

2 days

Collects data from users about their visit and the pages they have accessed.

Vimeo

player.vimeo.com

muxData

20 years

This cookie is used in connection with a video player, as it remembers the point at which the visitor was interrupted while watching video content, so that the video can start from that point when the visitor calls it up again.

Facebook

.facebook.com

fr

3 months

Stores device information and information about user activity

We also use cookies on our website that enable us to analyse users' browsing behaviour.

This allows the following data to be transmitted:

Tracking cookies:

  1. _pk_id.1.e13a - Assigns the user, sets a session ID - Storage period - 393 days
  2. _pk_ses.1.e13a - Records user actions on the website - Storage period 30 minutes

The user data collected in this way is pseudonymised by technical measures. This means that it is no longer possible to assign the data to the user who accessed the website. The data is not stored together with other personal data of the users.

When accessing our website, users are informed about the use of cookies for analysis purposes by a cookie banner and referred to this privacy policy. In this context, there is also a note on how to prevent the storage of cookies in the browser settings.

When visiting our website, users are informed about the use of cookies for analysis purposes and their consent to the processing of personal data used in this context is obtained. In this context, reference is also made to this privacy policy.

2. Legal basis for data processing
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR, provided that the user has given their consent.

3. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognised even after a page change.

We require cookies for the following applications:

  1. shop.dkd.de: Shopping basket and ordering process (transaction security)
  2. shop.dkd.de: User account (transaction security)
  3. shop.dkd.de: Individualised price display
  4. Cookie consent Save user's choice

The user data collected by technically necessary cookies is not used to create user profiles.

Matomo is used at dkd for the purpose of improving the quality of our website and its content. We need the data to analyse user surfing behaviour and obtain information about the use of individual components (see list) of the website. This enables us to continuously optimise the website and its user-friendliness. It is not possible to draw conclusions about a specific person, as the IP address is anonymised immediately after processing and before storage.
Matomo is therefore used exclusively for the provision, optimisation and security of our website (marketing & sales).

The following components are taken into account:

  • Analysis of important key data relating to users (e.g. country of origin, operating system, browser used)
  • Number of page views
  • Unique visits
  • Time spent on the website
  • Bounce rate
  • Access times
  • Returning visitors
  • Most frequently visited pages
  • Entry and exit pages
  • Outgoing links
  • Referrers (direct access, search engines, website)
  • Search terms used
  • Geo-localisation of users
  • Statistics on visitors using mobile devices

These purposes also constitute our legitimate interest in processing personal data in accordance with Art. 6 (1) lit. f GDPR.

4. Duration of storage, right to object and right to erasure
Cookies are stored on the user's computer and transmitted to our site. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

VI. Newsletter

1. Description and scope of data processing
On our website, you have the option of subscribing to a free newsletter. When you register for the newsletter, the data from the input mask is transmitted to us:

  1. Surname (optional)
  2. First name (optional)
  3. Email address

In addition, the following data is collected during registration and analysis:

  1. IP address
  2. Date and time of registration

The following data is collected during analysis:

  1. Newsletter open rate
  2. Times at which emails were opened
  3. Which link was clicked + time
  4. Email client used
  5. Location

Your consent will be obtained during the registration process for the processing of data, and reference will be made to this privacy policy.

In connection with data processing for the purpose of sending newsletters, the data will be passed on to third parties (MailChimp - Rocket Science Group, USA). The data will be used exclusively for sending the newsletter. Details can be found under ‘MailChimp privacy policy’.

2. Legal basis for data processing
The legal basis for processing data after the user has subscribed to the newsletter is Art. 6 (1) (a) GDPR, provided the user has given their consent.

3. Purpose of data processing
The user's email address is collected for the purpose of delivering the newsletter.

The collection of other personal data during the registration process serves to prevent misuse of the services or the email address used.

4. Duration of storage
The data will be deleted as soon as it is no longer required for the purpose for which it was collected. The user's email address will therefore be stored for as long as the newsletter subscription is active.

Other personal data collected during the registration process will be deleted immediately after the purpose for which it was collected has expired.

5. Right to object and right to erasure
The user concerned can cancel their subscription to the newsletter at any time. A link for this purpose is provided in every newsletter.

This also allows the user to revoke their consent to the storage of personal data collected during the registration process.

VII. Registration

1. Description and scope of data processing
On the website shop.dkd.de, we offer companies the opportunity to register by providing the following data. The data is entered into an input mask, transmitted to us and stored. The data is not passed on to third parties. The following data is collected during the registration process:

  1. Title
  2. First name
  3. Last name
  4. Email address
  5. Password
  6. Company
  7. VAT ID
  8. Company address

During the registration process, the user's consent to the processing of this data is obtained.

When you use our services, we may store your IP address and the time of each login. This storage is based on our legitimate interests and the interests of users in protecting against misuse and other unauthorised use. This data is not passed on to third parties unless it is necessary to pursue our claims in accordance with Art. 6 (1) lit. f. GDPR or there is a legal obligation to do so in accordance with Art. 6 (1) lit. c. GDPR.

We use the double opt-in procedure for registration, i.e. your registration is only complete once you have confirmed your registration by clicking on the link contained in a confirmation email sent to you for this purpose. If you do not confirm your registration within 24 hours, your registration will be automatically deleted from our database. The provision of the aforementioned data is mandatory; all other information can be provided voluntarily when using our portal.

2. Legal basis for data processing
If the registration serves to fulfil a contract to which the user is a party or to implement pre-contractual measures, the additional legal basis for data processing is Art. 6 (1) lit. b GDPR.

For the performance of the contract in accordance with Art. 6 (1) (b) GDPR, we will pass on your data to the shipping company commissioned with the delivery, insofar as this is necessary for the delivery of the goods ordered. Depending on which payment service provider you select during the ordering process, we will pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to the payment service providers commissioned by us or to the selected payment service. In some cases, the selected payment service providers also collect this data themselves if you create an account there. In this case, you must log in to the payment service provider with your access data during the ordering process. In this respect, the privacy policy of the respective payment service provider applies.

3. Purpose of data processing
The company is registered for the purpose of identifying a trader, as the shop area at shop.dkd.de is explicitly aimed only at traders within the meaning of Section 14 of the German Civil Code (BGB). Furthermore, registration serves the purpose of displaying individual prices and, if applicable, submitting offers. The data is required for the fulfilment of a contract with the user.

  1. Restriction of access to prices and offers to traders within the meaning of Section 14 of the German Civil Code (BGB).
  2. Individualised display and submission of offers for products and services.
  3. Storage of user data and settings for the purpose of order processing.
  4. Insight into past orders.

4. Duration of storage
The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

This is the case for data collected during the registration process for the fulfilment of a contract or for the implementation of pre-contractual measures if the data is no longer required for the execution of the contract. Even after the conclusion of the contract, it may still be necessary to store the personal data of the contractual partner in order to comply with contractual or legal obligations.

5. Right to object and right to erasure
As a user, you have the right to cancel your registration at any time. You can have the data stored about you changed at any time.

If you wish to have your personal data deleted or revoke the processing of your customer account data, please contact us using the usual channels or at info@dkd.de.

If the data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible if there are no contractual or legal obligations preventing deletion.

VIII. Contact form and email contact

1. Description and scope of data processing
Our website features a contact form that can be used to contact us electronically. If a user chooses to do so, the data entered in the input mask will be transmitted to us and stored. This data includes:

  1. Name
  2. Email address
  3. Message

Your consent will be obtained for the processing of data during the sending process and reference will be made to this privacy policy.

Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted with the email will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

2. Legal basis for data processing
The legal basis for data processing is Art. 6 para. 1 lit. a GDPR if the user has given their consent.

The legal basis for processing data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

3. Purpose of data processing
The processing of personal data from the input mask serves solely to process the contact request. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in the processing of the data.

The other personal data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. For personal data from the input mask of the contact form and data sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

5. Right to object and right to erasure
Users may revoke their consent to the processing of their personal data at any time. If users contact us by email, they may object to the storage of their personal data at any time. In such cases, the conversation cannot be continued.

The objection to consent and the objection to storage can be made in any way known to you.

In this case, all personal data stored in the course of contacting us will be deleted.

IX. Duty to provide information for applicants

We are delighted that you are interested in dkd Internet Service GmbH and have applied or are applying for a position in our company. We would like to provide you with all the information you need about the processing of your personal data in connection with your application, as data protection is a high priority for us.

We have therefore written our own data protection information for applicants so that no detail is lost. Click here: https://www.dkd.de/de/datenschutz-bewerber/

X. Web analysis by Matomo (formerly PIWIK)

1. Scope of processing personal data
We use the open source software tool Matomo (formerly PIWIK) on our website to analyse the surfing behaviour of our users. The software sets a cookie on the user's computer (see above for more information on cookies). When individual pages of our website are accessed, the following data is stored:

  1. IP address, anonymised by shortening
  2. Cookie, to distinguish between different visitors
  3. Previously visited URL (referrer), if transmitted by the browser
  4. Name and version of the operating system
  5. Name, version and language setting of the browser
  6. URLs visited on this website
  7. Times of page views
  8. Type of HTML requests
  9. Screen resolution and colour depth
  10. Technologies and formats supported by the browser (e.g. cookies, Java, Flash, PDF, Windows Media, QuickTime, RealPlayer, Director, SilverLight, Google Gears)

The software runs exclusively on our website's server. Users' personal data is stored only there. The data is not passed on to third parties.

The shortened IP address means that it is no longer possible to assign it to the requesting computer.

2. Legal basis for the processing of personal data
The legal basis for the processing of users' personal data is Art. 6 (1) lit. f GDPR.

3. Purpose of data processing
The processing of users' personal data enables us to analyse the surfing behaviour of our users. By evaluating the data obtained, we are able to compile information about the use of the individual components of our website.
This helps us to continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in the processing of data in accordance with Art. 6 (1) lit. f GDPR. This helps us to continuously improve our website and its user-friendliness. These purposes also constitute our legitimate interest in processing the data in accordance with Art. 6 (1) lit. f GDPR. The anonymisation of the IP address sufficiently takes into account the interests of users in the protection of their personal data.

4. Duration of storage
We store the above-mentioned personal data as follows:

The collected raw data is deleted after 400 days. After this deletion period, no usable tracking information remains on our servers. All basic metrics for the cumulative annual and monthly reports are retained.

Reports are stored for 12 months. However, all data for the monthly and annual reports is retained.

5. Right to object and removal option
Cookies are stored on the user's computer and transmitted to our site by the user. Therefore, as a user, you have full control over the use of cookies. By changing the settings in your Internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

For more information on the privacy settings of the Matomo software, please visit the following link: https://matomo.org/docs/privacy/.

On your next visit, please note the opt-out options, such as your browser's do-not-track function.

XI. Use of social networks (social media)
 

1. Description and scope of data processing

dkd maintains various online presences on social networks and therefore processes personal data from visitors. Users active on these platforms can communicate with us or obtain information about us.

dkd points out that when using social media platforms, your data may be processed outside the European Economic Area. This may result in risks, as European rights may be enforced to a limited extent.
In addition, your data may be processed by the respective operators of the social networks for market research and advertising purposes. This may result in the creation of user behaviour and/or usage profiles. These profiles may be used for advertising purposes within and outside the networks.
In order to use this targeted advertising for you, cookies are usually stored on your end devices. These cookies store your usage behaviour and possibly your interests. Additional data may also be stored in the cookies if you are logged into the platform with your account.
For more details and information on how to object, please refer to the contact details (information on the operators) and the data protection information provided by the network operators below.

The following data may be processed:

  • Your personal data, such as your email address, telephone numbers, etc.;
  • Data from your end devices, such as your IP address, browser data, language, websites visited, interests in topics, times of access or other device data;
  • Content such as comments, chat entries, contact forms;

The following users may be affected: 

  • Prospective customers;

2. Legal basis for data processing
The legal basis is the legitimate interest of dkd Internet Service GmbH (Art. 6 (1) (1) (f) GDPR).

3. Purpose of data processing
The primary purpose of processing is marketing. We also want to provide our customers and interested parties with a platform for communication. We also welcome feedback.

4. Duration of storage
The data will be deleted as soon as it is no longer necessary for the purpose for which it was collected. Details can be found at the platform operators.

5. Right to object and rights of data subjects
We kindly request that you submit any requests for information or assert your rights as a data subject directly to the provider, as this is the most effective method. Only the operators of the platforms have access to your data. We are unable to provide you with any information and do not have the right to obtain information about you from the operators of the platforms.
If you have any questions about obtaining information or enforcing your rights, please contact us.

6. Further information about the operators and their processing activities

Facebook pages – ‘Fanpage’
dkd Internet Service GmbH and Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, are jointly responsible for the collection of personal data from the profiles you have created on the Facebook network. However, we, dkd Internet Service GmbH, are not responsible for the further processing of your data on our Facebook page – ‘fan page’.

According to the Facebook data policy  https://www.facebook.com/policy, the following data about you is processed:

  • IP addresses,
  • operating system,
  • browser type,
  • language settings,
  • cookie data;

The Facebook Data Policy also states that Meta Platforms Ireland Ltd. collects and uses data through its analytics service to provide so-called ‘page insights’ to operators of Facebook fan pages. We have entered into an agreement with Facebook, which you can view at the following link:  https://www.facebook.com/legal/terms/page_controller_addendum. This agreement regulates the security measures that are taken and states that Meta Platforms Ireland Ltd. has agreed to comply with the rights of data subjects (e.g. requests for information, deletion/blocking, objection, etc.).
The joint responsibility refers to the collection and transfer of your data to Meta Platforms Ireland Ltd. The transfer and further processing to the parent company Meta Platforms, Inc. in the USA is the responsibility of Meta Platforms Ireland Ltd.

LinkedIn
The platform operator is LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland; data protection information and opt-out options can be found at: https://www.linkedin.com/legal/privacy-policy;

Pinterest
The platform operator is Pinterest Inc., 635 High Street, Palo Alto, CA, 94301 in the USA. Data protection information and opt-out options can be found at:
https://about.pinterest.com/de/privacy-policy.

Twitter
The platform operator in Europe (Ireland) is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. The parent company is Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 in the USA. The privacy policy can be found at:
https://twitter.com/privacy.

YouTube
The video platform is operated in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA. The privacy policy can be found at:
https://policies.google.com/privacy.

Vimeo
The operator of the video platform is Vimeo, LLC, 555 West 18th Street, New York, New York 10011 in the USA. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA. The privacy policy can be found at: https://tools.google.com/dlpage/gaoptout?hl=de.

Xing
The platform operator is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. The privacy policy can be found at: https://privacy.xing.com/de/datenschutzerklaerung.

Instagram
The platform operator is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The privacy policy can be found at: 
https://instagram.com/about/legal/privacy.

Google My Business
The social media platform is operated in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The parent company is Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 in the USA. The privacy policy can be found at: 
https://policies.google.com/privacy.

DoubleClick privacy policy
Doubleclick by Google is a service provided by Google Inc., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’). Doubleclick by Google uses cookies to present you with advertisements that are relevant to you. Your browser is assigned a pseudonymous identification number (ID) to check which ads have been displayed in your browser and which ads have been clicked on. The cookies do not contain any personal information. The use of DoubleClick cookies enables Google and its partner websites to display ads based on previous visits to our website or other websites on the Internet. The information generated by the cookies is transmitted by Google to a server in the USA for evaluation and stored there. Google will only transfer the data to third parties if required by law or within the scope of order data processing. Under no circumstances will Google combine your data with other data collected by Google.

By using our websites, you consent to the processing of data about you by Google and the manner of data processing described above, as well as the purpose stated. You can prevent the storage of cookies by adjusting your browser software settings accordingly; however, we would like to point out that in this case you may not be able to use all functions of our websites to their full extent. You can also prevent Google from collecting the data generated by the cookies and relating to your use of the websites and from processing this data by downloading and installing the browser plugin available at the following link under the item DoubleClick deactivation extension. Alternatively, you can deactivate Doubleclick cookies on the Digital Advertising Alliance website at the following link.

https://www.google.com/privacy/ads/.

Privacy policy of Google Maps

The subpage ‘Directions’ uses the Google Maps API to visually display geographical information. ‘Google Maps’ is a service provided by Google Inc., Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (‘Google’).

When using Google Maps, Google also collects, processes and uses data about visitors' use of the map functions. For more information about data processing by Google, please refer to Google's privacy policy.

There you can also change your personal privacy settings in the privacy centre.

However, this data processing and contact with the Google network will only be loaded and processed by Google Inc. after you have given your consent. This is made possible by clicking on the map and/or activating the map display in your privacy settings.

Alternatively, you have the option of deactivating the Google Maps service in future and thus preventing data transfer to Google by deactivating JavaScript in your browser or deactivating your privacy settings for map display. However, we would like to point out that in this case you will not be able to use the map display on our site.

AGeneral information on data protection is available in the Google Privacy Centre at https://policies.google.com/privacy?hl=de-DE

Shariff data protection provisions

The controller has integrated the Shariff component into this website. The Shariff component provides social media buttons that comply with data protection regulations. Shariff was developed for the German computer magazine c't and is published via GitHub, Inc.

The developer of the component is GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA.

Usually, the button solutions provided by social networks transfer personal data to the respective social network as soon as a user visits a website that has a social media button integrated into it. By using the Shariff component, personal data is only transferred to social networks when the visitor to a website actively clicks on one of the social media buttons. Further information on the Shariff component is available from the computer magazine c't at www.heise.de/newsticker/meldung/Datenschutz-und-Social-Media-Der-c-t-Shariff-ist-im-Einsatz-2470103.html. The purpose of using the Shariff component is to protect the personal data of visitors to our website and at the same time enable us to integrate a button solution for social networks on this website.

Further information and GitHub's applicable data protection regulations can be found at  https://docs.github.com/en/github/site-policy/github-privacy-statement.

Data protection information SlideShare

The data controller has integrated SlideShare components into this website. LinkedIn SlideShare is a file hosting service that enables the exchange and archiving of presentations and other documents such as PDF files, videos and webinars. The file hosting service allows users to upload media content in all common formats, whereby the documents can either be made publicly accessible or marked as private.

The operating company of SlideShare is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection matters outside the USA.

LinkedIn SlideShare provides so-called embed codes for the media content stored there (presentations, PDF files, videos, photos, etc.). Embed codes are program codes that are embedded in websites with the aim of displaying external content on one's own website. Embed codes make it possible to display content on your own website without storing it on your own server and thereby potentially infringing the copyright of the respective author of the content. Another advantage of using an embed code is that the respective website operator does not use their own storage space, thereby reducing the load on their own server. An embed code can be integrated at any point on another website, so that external content can also be inserted within your own text. The purpose of using LinkedIn SlideShare is to reduce the load on our server and to avoid copyright infringements when using third-party content.

Each time you access our website, which is equipped with a SlideShare component (embed codes), this component causes the browser you are using to download the corresponding embedded data from SlideShare. As part of this technical process, LinkedIn receives information about which specific subpage of our website is visited by the person concerned.

If the data subject is logged into SlideShare at the same time, SlideShare recognises which specific subpage the data subject visits each time they access our website and for the entire duration of their visit to our website. This information is collected by SlideShare and assigned by LinkedIn to the data subject's respective SlideShare account.

LinkedIn receives information via the SlideShare component that the data subject has visited our website whenever the data subject is logged into SlideShare at the same time as visiting our website; this occurs regardless of whether the data subject clicks on the embedded media data or not. If the data subject does not want this information to be transmitted to LinkedIn, they can prevent the transmission by logging out of their SlideShare account before visiting our website.

LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at  www.linkedin.com/legal/cookie-policy. LinkedIn's applicable privacy policy is available at www.linkedin.com/legal/privacy-policy.

MailChimp privacy policy

You can subscribe to the newsletter by entering your email address in the form on our website. For verification purposes, you will receive a separate email in which you must expressly confirm your newsletter subscription (opt-in). Without this confirmation, you will not receive any newsletters.

The newsletter covers topics such as TYPO3, e-commerce, Shopware, Apache Solr, web development, digital strategy consulting, SEO and much more. We keep our customers up to date on current trends and topics in the areas of development, communication and design, as well as the latest news from the IT world and tips and tricks for your website.

You can unsubscribe from the newsletter at any time via the link provided at the end of the newsletter.

The newsletter is sent via the MailChimp service provided by The Rocket Science Group (USA). In order to maintain data protection standards, a contract based on the EU standard contractual clauses has been concluded with The Rocket Science Group.

The data transmitted to us (as described above) is only transmitted to The Rocket Science Group and stored by The Rocket Science Group. No other third parties receive your data. When you register, the MailChimp service sends you an email allowing you to confirm your registration. Furthermore, the MailChimp service uses analysis options that are used when the newsletter is opened. This collects additional data such as IP address, browser, operating system, time of access and location of access.

The Rocket Science Group also uses the Google Analytics analysis tool from Google, Inc. and may integrate this into the newsletter. If you open your email in your browser (link in the email), we have no influence on the data collected there.

The legal basis is in accordance with the provisions of the General Data Protection Regulation (GDPR). We hereby inform you that consent to the sending of email addresses is based on Art. 6 (1) lit. a, 7 GDPR and § 7 (2) No. 3 and (3) UWG. The use of the mailing service provider ‘The Rocket Science Group’, the performance of statistical surveys and analyses, and the logging of the registration process are based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR.

We would also like to point out that you can object to the future processing of your personal data at any time in accordance with the legal requirements pursuant to Art. 21 GDPR. In particular, you can object to processing for direct marketing purposes.

Further information on data protection at MailChimp can be found at: https://mailchimp.com/de/legal/

We use the Google service reCaptcha to determine whether a human or a computer is making a particular entry in our contact or newsletter form. Google uses the following data to check whether you are a human or a computer:

  • Referrer URL (the address of the page from which the visitor comes)
  • IP address (e.g. 256.123.123.1)
  • Information about the operating system (the software that enables your computer to operate. Well-known operating systems are Windows, Mac OS X or Linux)
  • Cookies (small text files that store data in your browser)
  • Mouse and keyboard behaviour (every action you perform with the mouse or keyboard is stored)
  • Date and language settings (the language and date you have preset on your PC are stored)
  • All JavaScript objects (JavaScript is a programming language that enables websites to adapt to the user. JavaScript objects can collect all kinds of data under one name)
  • Screen resolution (shows how many pixels the image display consists of)

The legal basis for the data processing described is Art. 6 (1) lit. f of the General Data Protection Regulation. We have a legitimate interest in this data processing in order to ensure the security of our website and to protect ourselves from automated inputs (attacks).
Further details can be found in Google's Data Protection Centre:

https://policies.google.com/privacy?hl=de&gl=de

Zoom privacy policy

We use the Zoom tool to conduct telephone conferences, online meetings, video conferences and/or webinars (hereinafter referred to as ‘online meetings’). Zoom is a service provided by Zoom Video Communications, Inc., which is based in the United States.

Please note: As soon as you visit the Zoom website, the provider of Zoom is responsible for data processing. However, visiting the website is only necessary for using Zoom in order to download the software for using Zoom.

You can also use Zoom if you enter the respective meeting ID and, if necessary, additional access data for the meeting directly in the Zoom app.

If you do not want to or cannot use the Zoom app, the basic functions can also be used via a browser version, which you can also find on the Zoom website.

Various types of data are processed when using Zoom. The scope of the data also depends on the information you provide before or during participation in an online meeting.

The following personal data is subject to processing:

  1. User details: first name, surname, telephone number (optional), email address, password (if single sign-on is not used), profile picture (optional), department (optional)
  2. Meeting metadata: topic, description (optional), participant IP addresses, device/hardware information
  3. For recordings (optional): MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat
  4. When dialling in by telephone: Information on incoming and outgoing phone numbers, country name, start and end time. Additional connection data, such as the IP address of the device, may also be stored.
  5. Text, audio and video data: You may have the option of using the chat, question or survey functions in an online meeting. In this respect, the text entries you make are processed in order to display them in the ‘online meeting’ and, if necessary, to log them. To enable the display of video and the playback of audio, the data from the microphone of your end device and from any video camera of the end device are processed for the duration of the meeting. You can switch off or mute the camera or microphone yourself at any time using the ‘Zoom’ applications.
  6. In order to participate in an ‘online meeting’ or enter the ‘meeting room’, you must at least provide your name.

Scope of processing

We use Zoom to hold online meetings. If we wish to record online meetings, we will inform you of this in advance and, where necessary, ask for your consent. The fact that the meeting is being recorded will also be displayed in the Zoom app.

If necessary for the purposes of recording the results of an online meeting, we will log the chat content. However, this will not usually be the case.

In the case of webinars, we may also process questions asked by webinar participants for the purposes of recording and following up on webinars.

If you are registered as a user with Zoom, reports on online meetings (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by Zoom for up to one month. Automated decision-making within the meaning of Article 22 GDPR is not used.

Legal basis for data processing

Insofar as personal data of employees of dkd Internet Service GmbH is processed, Section 26 of the Federal Data Protection Act (BDSG) forms the legal basis for data processing. If, in connection with the use of ‘Zoom’, personal data is not necessary for the establishment, implementation or termination of the employment relationship, but is nevertheless an essential component of the use of “Zoom”, Art. 6 (1) lit. f) GDPR is the legal basis for data processing. In these cases, our interest lies in the effective implementation of ‘online meetings’.

Otherwise, the legal basis for data processing when conducting ‘online meetings’ is Art. 6 (1) (b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships.

If no contractual relationship exists, the legal basis is Art. 6 (1) lit. f) GDPR. Here, too, our interest lies in the effective implementation of online meetings.

Recipients / Disclosure of data

Personal data processed in connection with participation in ‘online meetings’ will not be disclosed to third parties unless it is specifically intended for disclosure. Please note that, as with face-to-face meetings, content from online meetings is often used to communicate information to customers, interested parties or third parties and is therefore intended for disclosure.

Other recipients: The provider of Zoom necessarily obtains knowledge of the above-mentioned data to the extent provided for in our data processing agreement with Zoom.

Data processing outside the European Union

Personal data is processed in a third country. We have concluded a data processing agreement with the provider of ‘Zoom’ that complies with the requirements of Art. 28 GDPR. An adequate level of data protection is guaranteed by the conclusion of the so-called EU standard contractual clauses. However, dkd Internet Service GmbH is aware of the termination of the Privacy Shield Agreement with the USA and that there is a need for action even with the conclusion of the so-called EU standard contractual clauses.

We are therefore in close contact with the supervisory authorities, Zoom's representatives in Europe and the independent German federal and state data protection supervisory authorities in order to respond quickly to the current recommendations for action and legal requirements and to implement them in order to raise the level of data protection to an adequate level.

Data protection information Amazon CloudFront - Content Delivery Network (CDN)

We use the Cloudfront Content Delivery Network (CDN) on our website. This is a service provided by Amazon Web Services Inc., 410 Terry Avenue North, Seattle, WA 98109-5210. Cloudfront provides duplicates of a website on Amazon Web Services (AWS) servers distributed worldwide. This results in faster website loading times, greater reliability and increased protection against data loss. The JS and CSS assets and some of the images and videos embedded on this website are obtained from the Cloudfront CDN when the page is accessed. When the page is accessed, information about your use of our website, such as

  1. IP address
  2. location
  3. operating system
  4. browser version

is transferred to Amazon servers in other EU countries and stored there.

This happens as soon as you visit our website. We use Amazon Web Services and Amazon CDN Cloudfront to make sure this website is more reliable, better protected against data loss, and loads faster.

This constitutes a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. You can find out more about Amazon Web Services' data protection measures at: aws.amazon.com/de/cloudfront/

The current privacy policy of Amazon Web Services can be found at: aws.amazon.com/de/privacy/

A data processing agreement has been concluded with Amazon Web Services Inc.

Privacy Policy Leadinfo Technology

This website uses the services of Leadinfo B.V., based in Rotterdam. This service displays publicly available company data, such as company names and addresses, based on IP addresses. Companies are identified solely on the basis of IP addresses. IP addresses are not stored after use.
In addition to this identification via IP addresses, two first-party cookies are used to provide us with information about how visitors use the website (analytics). These cookies are not linked to any other information and nothing is passed on to third parties.

Objection to data collection:
If you wish to deactivate data collection (tracking), please click on the corresponding button at:  https://www.leadinfo.com/de/opt-out/

Order data processing:
We have concluded a contract with Leadinfo for order data processing and implement the data protection requirements.

Contact Leadinfo:
Leadinfo B.V.
Rivium Quadrant 141
2909 LC Capelle aan den IJssel
Netherlands
hallo@leadinfo.com
+31 (0)85 2500 450

XII. Use of Cloudflare as front-end hosting – content refers to mach.dkd.de

Our website is provided via Cloudflare, which enables fast and secure delivery of content. Cloudflare acts as a content delivery network (CDN) and proxy server to optimise loading times and increase protection against attacks.

When using our website, Cloudflare itself does not process or store any personal data. Content is transmitted via an encrypted connection. User IP addresses are not stored, and Cloudflare does not use any tracking mechanisms or analysis functions.

Contact form and data processing:
When you use our contact form, the data you enter (surname, first name, email address and, if applicable, telephone number) will be used exclusively for the purpose of processing your enquiry. This data is transmitted directly to our internal processing system via the Microsoft email service (Microsoft Graph API) and is not stored or processed by Cloudflare.

Since no personal data is processed via Cloudflare, the data protection requirements relating to the use of Cloudflare as a pure hosting and CDN tool are met.

Further information about Cloudflare and its data protection practices can be found at:
Cloudflare Privacy Policy.

XII. Use of Cloudflare as front-end hosting – content refers to mach.dkd.de

Our website is provided via Cloudflare, which enables fast and secure delivery of content. Cloudflare acts as a content delivery network (CDN) and proxy server to optimise loading times and increase protection against attacks.

When using our website, Cloudflare itself does not process or store any personal data. Content is transmitted via an encrypted connection. User IP addresses are not stored, and Cloudflare does not use any tracking mechanisms or analysis functions.

Contact form and data processing:
When you use our contact form, the data you enter (surname, first name, email address and, if applicable, telephone number) will be used exclusively for the purpose of processing your enquiry. This data is transmitted directly to our internal processing system via the Microsoft email service (Microsoft Graph API) and is not stored or processed by Cloudflare.

Since no personal data is processed via Cloudflare, the data protection requirements relating to the use of Cloudflare as a pure hosting and CDN tool are met.

Further information about Cloudflare and its data protection practices can be found at:
Cloudflare Privacy Policy.

XIII. Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against the controller:

1. Right of access
You can request confirmation from the controller as to whether personal data concerning you is being processed by us.

If such processing is taking place, you can request the following information from the controller:

  1. the purposes for which the personal data is being processed;
  2. the categories of personal data being processed;
  3. the recipients or categories of recipients to whom your personal data has been or will be disclosed;
  4. the planned duration of storage of the personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
  5. the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller or a right to object to such processing;
  6. the existence of a right to lodge a complaint with a supervisory authority;
  7. all available information on the origin of the data if the personal data is not collected from the data subject;
  8. the existence of automated decision-making, including profiling, pursuant to Art. 22(1) and (4) GDPR and, at least in these cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to request information about whether personal data concerning you is being transferred to a third country or to an international organisation. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification
You have the right to request the controller to rectify and/or complete your personal data if the processed personal data concerning you is inaccurate or incomplete. The controller must rectify the data without delay.

3. Right to restriction of processing
Under the following conditions, you may request the restriction of the processing of your personal data:

  1. if you dispute the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
  2. the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
  3. the controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims; or
  4. you have objected to processing pursuant to Article 21(1) of the GDPR and it is not yet clear whether the legitimate grounds of the controller override your grounds.

If the processing of personal data concerning you has been restricted, such data may – apart from its storage – only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

4. Right to erasure

Obligation to erase

You may request that the controller erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:

  1. The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  2. You withdraw your consent on which the processing was based in accordance with Art. 6(1)(a) or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21(2) GDPR.
  4. The personal data concerning you has been processed unlawfully.
  5. The erasure of the personal data concerning you is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  6. The personal data concerning you has been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

Information to third parties
If the controller has made your personal data public and is obliged to delete it in accordance with Art. 17(1) GDPR, it shall take reasonable steps, including technical measures, taking into account the available technology and implementation costs, to inform controllers who process the personal data that you, as the data subject, have requested them to delete all links to this personal data or copies or replications of this personal data.

Exceptions
The right to erasure does not apply if processing is necessary

  1. to exercise the right of freedom of expression and information;
  2. to comply with a legal obligation which requires processing under Union or Member State law to which the controller is subject, or to perform a task carried out in the public interest or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the area of public health in accordance with Art. 9(2)(h) and (i) and Art. 9(3) GDPR;
  4. for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing, or
  5. for the establishment, exercise or defence of legal claims.

Right to information
If you have asserted your right to rectification, erasure or restriction of processing against the controller, the controller is obliged to notify all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort.

You have the right to be informed by the controller about these recipients.

Right to data portability
You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that

  1. the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR and
  2. the processing is carried out using automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another controller, where technically feasible. The freedoms and rights of other persons must not be affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.

The controller shall no longer process the personal data concerning you unless the controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes; this also applies to profiling insofar as it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.

You have the option, in connection with the use of information society services – notwithstanding Directive 2002/58/EC – to exercise your right to object by means of automated procedures using technical specifications.

Right to revoke your data protection consent declaration
You have the right to revoke your data protection consent declaration at any time. Revoking your consent does not affect the legality of the processing carried out on the basis of your consent prior to revocation.

Automated decision-making in individual cases, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision

  1. is necessary for entering into or performing a contract between you and the controller,
  2. is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or
  3. is based on your explicit consent.

However, these decisions may not be based on special categories of personal data pursuant to Art. 9(1) GDPR, unless Art. 9(2)(a) or (g) GDPR applies and appropriate measures have been taken to protect your rights and freedoms and legitimate interests.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority to which the complaint was lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.

Status: 27 February 2025

Cookies & third-party content

Settings
Please save your settings in the data protection dialog box first.