of Duttenhofer GmbH & Co. KG ("DIFOX") for use of DIFOX online shops
Date 01/2025
1. Person Responsible
The controller responsible for data processing is DIFOX a branch of, Duttenhofer GmbH & Co. KG, Alfred-Nobel-Str. 6, 97080 Wuerzburg, Germany
2. Contact details of the data protection officer
The external company privacy protection officer is Dr. Carlo Piltz, PL Services GmbH, Südwestkorso 3, 12161 Berlin, Germany, Tel: +49 (0)30 814 53 50 00.
3. Purpose, duration and legal bases for data processing
Your personal data are processed on the basis of your consent (Art. 6 para. 1 p. 1 lit. a) GDPR) for the purpose of subscribing to the newsletter. If you send us your personal data by e-mail when you contact us, we will process your personal data to process your requests, to contact you and possibly also to execute pre-contractual measures or to fulfil a contract (Art. 6 para. 1 p. 1 lit. b) GDPR). If required, the processing of your data will extend beyond the actual fulfilment of the contract to include the safeguarding of our legitimate interests or those of third parties as follows: The review and optimisation of processes for needs analysis and direct contact, advertising or market and opinion research, provided you have not objected to the use of your data, the assertion of legal claims and defence in the event of legal disputes, to guarantee IT security and IT operation, the facilitation of various different payment methods for your online order(s), to guarantee the operation of our website, the use of social media functions and measures for business management and the further development of services and products (Art. 6 para. 1 p. 1 lit. f) GDPR).
We are also subject to various retention and documentation obligations and may also be legally obliged to share personal data to authorities (Art. 6 para. 1 p. 1 lit. c) GDPR).
The following table provides an insight into the most important retention periods:
Item
Retention period
Legal basis
Offers with order sequence, e-mails (business letters), e-mails (reminders), faxes (business letters), delivery notes, default summons and reminders
6 years
§ 147 AO, § 257 HGB
Outgoing invoices, receipts, e-mails (booking documents such as invoices), delivery notes, as proof of receipt, especially in connection with an invoice, cash-on-delivery tag, online invoices
10 years
§ 147 AO, § 257 HGB
Data on the respective sales contract for processing warranty claims
2 years
§ 438 Abs. 1 Nr. 3 BGB
Data on the respective contract for processing warranty claims
Depending on the respective product
§ 443 BGB
Data are transferred to third countries (states outside the EU and the European Economic Area - EEA) only if to do so is required to execute contracts concluded with you or by law, or if you have given us your consent to do so.
We will provide details to you separately, if required by law.
4.Processing of customer data
4.1 Orders
DIFOX processes the following customer data: customer name, address, telephone number, email address, information on the content of an order, IP address, any information pertaining to a different delivery address and information on the desired payment type. The data is processed in Germany. The personal data listed above is processed and used for the purpose of managing the relevant contractual relationship. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b) and f) GDPR. Our legitimate interest lies in the aforementioned purpose. The recipient of the data is our data processor from the area of processing and optimizing the order process. We also reserve the right to, at appropriate intervals, send you direct mail advertisements for the offers in our online shop. No other use is made of your personal data. In particular, we do not pass on any data to third parties unless it is for the purpose of sending the ordered goods.
You can, at any time, object to your name and address being used for mail advertising purposes (see above). Simply send an email to dataprotection@difox.com
4.2Use of email addresses for advertising purposes (sending newsletters)
4.2.1 Newsletters in general
You may have the option of subscribing to DIFOX's e-mail newsletter via a double opt-in process. This means that after your registration, we will send you an e-mail to the e-mail address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your subscription, your information will be blocked and subsequently deleted. In addition, we process your respective IP addresses used and times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
Subscription includes consent to receive the regular newsletter, which may contain current information about DIFOX's Internet offerings and information about special product offers, as well as advertising for other DIFOX services and benefits. After you register, DIFOX will therefore use your email address for its own advertising purposes.
You may unsubscribe at any time via the function provided for this purpose in the newsletter, by sending an e-mail to dataprotection@difox.com or - if offered - the corresponding option in the settings of your user account. Your email address will be saved in order to facilitate delivery of our newsletter. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. a) GDPR.
4.2.2 Newsletter dispatch in existing customer relationship
If you have already purchased goods or services from us, DIFOX will also use your email address and the first and last name of the contact person on file for personalisation purposes in order to send you our newsletter for direct advertising of similar goods or services, if you have not objected to this use of the aforementioned data. You can of course object to the sending of our newsletter at any time with effect for the future by clicking on "unsubscribe" at the end of the newsletter or by contacting our data protection officer at dataprotection@difox.com. You do not incur any costs other than the transmission costs according to the basic tariffs for this.
The legal basis for this data processing is Art. 6 para. 1 S. 1 lit. f) GDPR. Our legitimate interest rests in being able to inform you about our latest offers for our products by means of direct advertising.
4.3 Processing of personal data in the context of payment
4.3.1 Prepayment, invoice
If you are given the option of “Payment in advance (bank transfer)”or “Purchase on account” during your order, DIFOXalone processes the personal data which you entered during the ordering process in order to carry out the contractual relationship with you.
The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b) GDPR.
4.3.2 Merchandise insurance contract
DIFOX has concluded a merchandise insurance contract. DIFOX is co-insured under the terms of a merchandise insurance contract. Specialist services of the insurer (credit insurance, factoring, risk assessment and collection) are drawn upon within the framework of this contract. Insofar as DIFOX makes use of the described services, personal data concerning the unfulfilled contract will be transmitted to Coface. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f) of GDPR. Our legitimate interest exists in the sense that we protect ourselves from payment defaults and assert our rights and would like to assert claims.
4.4 Registration as a specialist retailer (new customer form)
You have the option to register as a specialist retailer with DIFOX, so that DIFOX can then create a customer account for you in our shop on the website. We do this
so that you can place orders and manage them comprehensively;
to manage your user data and settings;
where applicable, to manage your newsletter subscription with DIFOX; and
for the inspection of invoices and outstanding arrears.
For a detailed breakdown of the minimum data which are processed, please refer to the page with the new customer form https://www.difox.com/registration-difox .
The legal basis for the data processing is Article 6 (1)(1)(b) GDPR.
As Section 1 (9)(11)(1)(1) MLA obliges us to identify contracting parties before establishing a business relationship or carrying out a transaction, we will process a copy of the applicant's identity card in the context of new customer registration for the purpose of combating money laundering, Section 58 MLA. The copy will not be processed for any other purpose. In accordance with Section 8 (4)(1) MLA, this copy of the ID will in principle be kept for five years after the termination of our business relationship and subsequently destroyed, unless other statutory retention provisions require us to keep it for longer, Section 8 (4)(2) MLA.
The legal basis for this data processing is Article 6(1)(c) GDPR in conjunction with Section 1 (9)(11)(1)(1) MLA.
4.5 Drop shipment
DIFOX may also deliver goods to the end customer as a drop shipper. Drop shipping refers to a special form of business conducted in trading between a supplier and an (online) retailer. The supplier offers the retailer products which the latter then offers for sale in its online shop. As soon as a product is purchased by a customer, the retailer forwards the order to the supplier. The latter sends the goods in a neutral form directly to the end customer, meaning that the retailer does not have any contact with the goods at all. As a rule, the end customer does not notice that the actual sender is the supplier rather than the retailer. DIFOX processes the data of the end customer (name, address, telephone number, e-mail address) provided by the specialist retailer so that it can carry out the drop shipment.
The legal basis for data processing for the delivery of the product in question to the end customer is Art. 6 (1)(1)(b) and (f) GDPR. DIFOX’s legitimate interest consists in its desire to fulfil its contractual obligation to the retailer as a drop shipper and to deliver the ordered product to the end customer.
4.6 Special conditions / rebate
DIFOX may send reports to its manufacturers and suppliers to allow it to verify possible special conditions in the context of initiation of the contract or downstream bonuses (kickbacks) after the execution of a contract for a customer. These reports contain the company name and may in individual cases also feature personal data, namely the name of the entrepreneur. The legal basis for this data processing is Article 6 (1)(1)(b) GDPR. A contact person in the customer's company for whom the special conditions are being verified may also be named. The legal basis for this data processing is Article 6 (1)(1)(f) GDPR. DIFOX’s legitimate interest consists in making it possible for the manufacturer or supplier to contact the customer, if required. In addition, its legitimate interest consists in ensuring that the product manufacturer cannot verify any special conditions / rebates without necessary information. The transfer of personal data to a third country within the scope of the above purpose only takes place in very exceptional cases in accordance with Art. 49 para. 1 lit. c) GDPR in order to be able to claim the downstream bonuses.
5. Processing of personal data
5.1 Logfiles
However, when the DIFOX website is accessed, the following data is automatically logged by the web server:
• IP address of the requesting PC;
• Date and time of the request;
• Access method/function requested by the requesting PC;
• Entry values (e.g. file name) requested by the requesting PC;
• Web server access status (file transferred, file not found, command not executed etc.);
• Name of the requested file and
• URL from which the file was requested/the desired function was released.
This information is used exclusively for the purpose of identifying and tracing unauthorised accesses to the web server and other criminal acts. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interests are the assurance of IT security as well as the assurance of the operation of our Internet presence.
5.2 Cookies
When using our website, so-called cookies, which can be stored on your end device, are used as technical functional aids for various functions. A cookie is a text information that can be stored in the web browser of your end device for each visited website. The cookie is either sent to the web browser by the web server or generated in the web browser by a script as a sequence of repetitive program instructions.
Below is an overview of the cookies and other technologies we use when you use the website.
Name of the technology / cookie (type of technology – tool)
Legal basis
Purpose
Storage time
Access by third parties
_ga (cookie - Google Analytics)
§ 25 Abs. 1 TDDDG
• Analyzing website usage (e.g. information on the frequency with which the website is accessed)
2 years
Google Ireland Limited
_gid (cookie - Google Analytics)
§ 25 Abs. 1 TDDDG
• Analyzing website usage (e.g. information on the frequency with which the website is accessed)
24 hours
Google Ireland Limited
_gat_UA-35457726-1 (cookie - Google Analytics)
§ 25 Abs. 1 TDDDG
• Analyzing website usage (e.g. information on the frequency with which the website is accessed)
1 minute
Google Ireland Limited
_ga_X1EZV4RXES (cookie - Google Analytics)
§ 25 Abs. 1 TDDDG
• Analyzing website usage (e.g. information on the frequency with which the website is accessed)
2 years
Google Ireland Limited
cookiesHandled (cookie – website application)
§ 25 Abs. 2 No. 2 TDDDG
• Documentation that the website visitor has clicked on the cookie banner and whether the visitor rejects or consents to the cookies.
• Analyzing website usage (e.g. information on the frequency with which the website is accessed)
Not applicable
Not applicable
5.3 Google Analytics
If you have given your consent, we use the web analysis service Google Analytics of Google Ireland Limited, Gordon House, Barrow Street Dublin 4. Ireland ("Google") on our website.
Google Analytics applies cookies that enable us to analyse your use of our website. The information generated through cookies about your use of the website will generally be transmitted to and stored by Google on a server in the United States.
Google Analytics anonymises IP addresses by default. Due to IP anonymisation, your IP address will be truncated by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area. Only in certain exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not combined with other Google data. During your visit to our website, your user behaviour is recorded in the form of ‘events’. Events can be:
• Page view
• First visit
• Session start
• Websites visited
• Your ‘click path’, interaction with the website
• Scrolls
• Outbound clicks
• Internal searches
• Video engagement
• File downloads
• Ad exposure/click
• Language settings
Also recorded:
• Your approximate location (region)
• Date and time of visit
• Your IP address (in truncated form)
• Technical information about your browser and the devices you use (e.g. language settings, screen resolution)
• your internet service provider
• the referrer URL (the website/advertising medium through which you accessed this website)
The Google Analytics evaluation enables us to evaluate your pseudonymous use of the website and to generate reports about website activities.
The data recipients are / may be
• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor in accordance with Article 28 GDPR);
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA;
• Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.
On 10th of July 2023, the European Commission accepted the adequacy decision for the USA (Implementing Decision (EU) 2023/1795 of 10 July 2023). Google LLC is certified under the EU-US Privacy Framework. Since Google servers are distributed worldwide and a transfer to third countries (e.g. to Singapore) cannot be completely ruled out, we have also concluded the EU standard contract clauses with the provider.
The data that we send and link to cookies is automatically deleted after 14 months. Google Analytics cookies have a maximum lifespan of two years. Data that has reached the end of its retention period is automatically deleted once a month.
The legal basis for this data processing is your consent in accordance with Art. 6 (1) 1 lit. a) GDPR and § 25 Abs. 1 S.1 TDDDG. You can revoke your consent at any time with effect for the future by accessing the cookie settings in the footer of this website (‘Cookie Settings’) and changing your selection there. The legality of the processing carried out on the basis of the consent until the time of revocation remains unaffected.
You can also prevent cookies from being stored right from the start, by adjusting your browser software accordingly. If you adjust your browser to reject all cookies, you may experience reduced functionality on this site and others. You can also avoid the collection of data generated by cookies and related to your use of the website (including your IP address) by Google and the processing of this data by Google by
a. not giving your consent to the setting of cookies or
b. downloading and installing the browser add-on to disable Google Analytics HERE.
We have embedded YouTube videos into our online service, which are stored on https://www.youtube.com and can be played directly from our website. The operator of the video platform is Google Ireland Limited Gordon House, Barrow Street Dublin 4, Irland („YouTube“).
YouTube videos are embedded on our website in "extended data protection mode", so that according to YouTube, user information is only stored when the video is played. However, the transfer of data to YouTube partners cannot be excluded by the extended data protection mode. Consequently, a connection to the Google DoubleClick network is established regardless of whether a video is opened.
When opening a YouTube video embedded on our website, a connection to the YouTube servers is established and a data transmission is started. We have no influence on the scope and content of the data transmitted to YouTube by activating the plugin. Among other things, the YouTube server is informed which of our pages you have visited. According to YouTube, this information is used, among other things, to collect video statistics, to improve user-friendliness and to prevent abusive behavior. YouTube uses cookies to collect information about user behavior. These cookies remain on your device until you delete the data. You can prevent the use of cookies by YouTube by choosing the appropriate settings in your browser software.
If you are logged into your YouTube account, YouTube can assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account before activating the play button.
YouTube is used in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 p. 1 lit. f) GDPR.
For further information about the purpose and scope of data collection and its processing by YouTube, please refer to their privacy policy at: https://www.google.de/intl/de/policies/privacy. Please note that data from the collection process will also be passed on to organizations in the USA and therefore outside the European Union. When personal data is transferred to Google servers in the USA for storage and further processing, Google is certified under the EU Commission's adequacy decision for data transfers to the USA, the Data Privacy Framework (Implementing Decision (EU) 2023/1795 of 10 July 2023), which allows corresponding data transfers in accordance with this adequacy decision.
5.5 Newsletter tracking
DIFOX uses Emarsys Marketing Suite to track the recipient behaviour of our newsletter. Recipient reactions (opening a mail, clicking on text and image links, downloading images with an e-mail program) are recorded and stored anonymously for statistical purposes. It is not possible to identify individual users from the data used. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f) of GDPR in combination with § 25 Abs. 2 Nr. 2 TDDDG. The legitimate interest of DIFOX is the provision of better and accurate information for recipients of the newsletter. The recipient of the data is our service provider, Emarsys Interactive Services GmbH.
5.6 Contact
You will find an e-mail address for contact on DIFOX’s website. The data provided in the context of that e-mail correspondence with us will be stored for the purpose of individual communication with you, and the data processing is justified, in accordance with Art. 6 para. 1 p. 1 lit. f) GDPR, by our desire to offer you a simple contact option. Your data will also be stored for the purpose of answering your request, as well as for possible follow-up questions.
If you contact us in order to request a quote, the legal basis for data processing is Art. 6 para. 1 p. 1 lit. b) GDPR.
5.7 Google reCAPCHTA
On our website, we also use the reCAPTCHA function of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This function is primarily used to distinguish whether an input is made by a natural person or is misused by machine and automated processing. The service includes the processing of the IP address, all cookies set by Google over the last 6 months, browser language settings, browser plug-ins, Java scripts, time spent on the website, mouse or touch pad movements and the cookie ID, as well as any other data required by Google for the reCAPTCHA service. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f) GDPR. Our legitimate interest is to establish individual ownership on the Internet and to prevent abuse and spam on our website. In the context of the use of Google reCAPTCHA, there may also be a transmission of personal data to the servers of Google LLC in the USA.
Please note that data from the collection process will also be passed on to organizations in the USA and therefore outside the European Union. When personal data is transferred to Google servers in the USA for storage and further processing, Google is certified under the EU Commission's adequacy decision for data transfers to the USA, the Data Privacy Framework (Implementing Decision (EU) 2023/1795 of 10 July 2023), which allows corresponding data transfers in accordance with this adequacy decision.
For internal and external file transfers DIFOX uses its own web client solution. Within the scope of the use of the web client, DIFOX processes the IP address of the user for up to seven days. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. c) GDPR in conjunction with § 12 TDDDG as well as Art. 6 para. 1 p. 1 lit. f) GDPR. The legitimate interest of DIFOX is in particular to protect against misuse of the web client and to ensure network and information security.
6. Social media appearances
6.1 Facebook Fanpage
DIFOX operates a so-called fan page on Facebook. These are websites that are offered on the Facebook platform to present DIFOX as a company and to get in touch with customers and interested parties, for example. Facebook is part of Meta.
6.1.1 Shared responsibility with Meta
Together with Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (hereinafter “Meta”), we are responsible for processing so-called Insights Data when you visit our fan page. With the information provided below, we meet our duty to inform under Art. 13 GDPR within the framework of shared responsibility. When you visit our fan page, personal data will be processed by Meta, inter alia in the form of your IP address and other information that exists in the form of cookies on your PC. This applies to both visitors who have a Facebook account and those who are not registered on Facebook. This information is used to provide DIFOX – as the operator of the Facebook fan page – with statistical information on using the Facebook page. You can learn precisely which data are processed on “Information about Page Insights data” provided by Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data.
The results of this processing are provided to us, as the fan page operator, and then through Meta in an aggregated, statistical and anonymous form of user statistics. We do not have access to the data processed by Meta. Meta provides more information about Insights under the following link: https://facebook.com/help/pages/insights.
Meta describes which data it processes for more of its own purposes in its Data Policy, available under the following link: https://facebook.com/about/privacy
There, you will also find information about options for contacting Meta as well as the settings options for advertisements.
Please note that data from the data collection phase may also be transferred to locations in the United States and therefore outside the European Union. When personal data is transferred to Facebook servers in the USA for storage and further processing, Facebook is certified under the EU Commission's adequacy decision for data transfers to the USA, the Data Privacy Framework (Implementing Decision (EU) 2023/1795 of 10 July 2023), which allows corresponding data transfers in accordance with this adequacy decision.
If you wish to exercise your data subject rights (for what these are, see below under point 7) in line with GDPR, we point out that we cannot fully fulfil these rights in case of doubt. It would therefore be more effective for you to contact Facebook directly. Information about your rights regarding page insights is provided by Facebook here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
With regard to page insights and joint responsibility with Facebook, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation. Information on how to exercise your right to object can be found here: https://www.facebook.com/legal/terms/information_about_page_insights_data.
If you still need help, feel free to contact us. We will forward your request to Meta, insofar as it relates to Insights Data.
Processing the visitor's personal data enables the provision of the fan page as well as the statistical evaluation of how our fan page is used. This evaluation is performed for us anonymously. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. f) of GDPR. Our legitimate interests regarding the collection of personal data when visiting the fan page and the production of statistical evaluations are: Communication and interaction with interested parties and customers; Dissemination of information about our company; Anonymized evaluation and presentation of the use of the fan page.
6.1.2 Sole responsibility of DIFOX
DIFOX also processes the data from your use of the fan page that you voluntarily provide (in a comment, for example) for the purpose of answering your inquiries, communicating with you and publishing information regarding the content offered on the fan page or from DIFOX. The legal basis for processing are Art. 6 para. 1 p. 1 lit. b) .and f) GDPR. The legitimate interest lies in the effective information of users, customers and interested parties and communication with these persons.
You are welcome to contact us as long as it regards the data processed by us on our own account, and assert the rights to which you are entitled as our data subject. However, if these refer to processing that is purely in the area of responsibility of Facebook, we point out in advance that our options with regards exercising your rights are limited to referring you to the appropriate places of Facebook.
6.1.3. Sole responsibility of Meta
Meta remains solely responsible for the processing of personal data of this kind in connection with visits to fan pages that do not fall within the scope of joint responsibility.
If you are currently logged in to Facebook as a user, there is a cookie with your Facebook identifier on your terminal device. This enables Meta to track that you have visited our fan page and how you have used it. This also applies to all other Facebook pages. If you want to avoid this, you should log out of Facebook or disable the "stay logged in" feature, delete the cookies present on your device, and exit and restart your browser.
6.2 Instagram Profile
Meta Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland ("Meta") uses the technical platform and the services of Meta Ireland Ltd. for the information service offered here. Instagram is a part of Meta.
We would like to point out that you use this Instagram profile and its functions under your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also find the information offered via this page on our Internet offer at https://www.difox.com retrieve. Meta collects your IP address and other information that is stored on your PC in the form of cookies when you visit our Instagram profile.
6.2.1 Joint responsibility with Meta
Instagram uses this information to provide us, as the operator of the Instagram profile, with statistical information about the use of the Instagram profile. Meta provides more detailed information on this at the following link: https://help.instagram.com/1533933820244654.
The data collected about you in this context will be processed by Meta and, if necessary, transferred to countries outside the European Union. Meta describes in general terms which information Facebook receives and how it is used in its data usage guidelines. There, you will also find information about options for contacting Meta as well as the settings options for advertisements. The data usage guidelines are available at the following link: https://help.instagram.com/519522125107875.
Meta does not conclusively and clearly state how the data from visiting Instagram profiles is used for its own purposes, to what extent activities on the Instagram profile are assigned to individual users, how long Meta stores this data, and whether data from a visit to the Meta page is passed on to third parties, nor is this known to us. When you access an Instagram profile, the IP address assigned to your device is transmitted to Meta. According to information from Meta, this IP address is anonymised (for "German" IP addresses). Meta also stores information about its users' devices (e.g. as part of the "Login notification" function); in this way, Meta may thus be able to assign IP addresses to individual users. If you are currently logged in to Meta as a user, a cookie with your Instagram ID will be stored on your device. This enables Meta to understand that you have visited this page and how you have used it. This also applies to all other Meta pages. Meta buttons integrated into websites make it possible for Meta to record your visits to these websites and assign them to your Instagram profile. Based on this data, content or advertising can be offered tailored to you.
To avoid this, you should log out of Facebook or disable the "stay signed in" feature, delete the cookies present on your device, then exit and restart your browser. In this way, Meta information that can be used to identify you directly will be deleted. Instagram allows you to use our Instagram profile without your Instagram ID being revealed. When you access the interactive features of the page (like, comment, share, news, etc.), an Instagram login screen appears. After any registration, you will be recognizable as a specific user for Facebook again. For information on how to manage or delete existing information about you, please visit the following Instagram support page: https://help.instagram.com/1533933820244654.
6.2.2 Sole responsibility of DIFOX
Furthermore, DIFOX is also solely responsible for certain data processing. We process the following data for communication with LinkedIn users to offer our information service:
• User interactions (postings, likes, etc.),
• Profile name and data provided by the user in the course of the conversation, e.g. for processing service requests,
• Statistical surveys on target group advertising,
• Statistical data on user interactions in aggregated form, i.e. without personal reference for DIFOX (e.g. page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions incl. origin, times of day), and
• Targeted advertisements based on aggregated demographic data that is not personally identifiable (e.g., age, location, language, or gender information).
The processing is carried out for the purpose of answering your inquiries (if you have sent us an inquiry) or communicating with you and to publish information about events, products and services of DIFOX. The legal basis of the processing for the purpose of responding to inquiries that serve a future contract conclusion and are initiated by you is Art. 6 para. 1 p. 1 lit. b) GDPR and in the other cases Art. 6 para. 1 p. 1 lit. f) GDPR.
When personal data is transferred to LinkedIn servers in the USA for storage and further processing, LinkedIn is certified under the EU Commission's adequacy decision for data transfers to the USA, the Data Privacy Framework, which allows corresponding data transfers in accordance with this adequacy decision.
The legitimate interest consists in the effective delivery of information to users, customers and interested parties and the communication with these individuals as well as the external presentation of DIFOX.
You can find the current version of this privacy policy on the "About Us" page under the "Privacy Policy" section of our LinkedIn page.
After your request has been completed, the personal data you have provided will be deleted from our systems. Should you interact with us publicly, for example by leaving a comment or "liking" a post, this data will remain publicly accessible on the site until deleted by us or you. Insofar as legal storage obligations require longer storage, your data will only be stored for this purpose and will be blocked for other purposes.
To exercise your right to object to us, please contact us either at dataprotection@difox.com or at the above address by mail or telephone. We will then process your request immediately.
The provision of your data is voluntary. However, it is not possible to visit our profile without us processing personal data jointly with LinkedIn or DIFOX and LinkedIn processing personal data in their own, separate responsibility.
6.2.3. Sole responsibility of Meta
Meta remains solely responsible for the processing of such personal data in connection with visits to Instagram pages that do not fall under shared responsibility.
If you are currently logged in to Instagram as a user, there is a cookie with your Instagram identifier on your terminal device. This enables Meta to track the fact that you have visited our page and how you have used it. This also applies to all other Instagram pages. If you want to avoid this, you should log out of Instagram or disable the "stay logged in" feature, delete the cookies present on your device, and exit and restart your browser.
6.3 LinkedIn
DIFOX uses the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (hereinafter "LinkedIn") for the information service offered here. We would like to point out that you use this LinkedIn page of DIFOX and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
6.3.1 Joint responsibility with LinkedIn
DIFOX is only jointly responsible with LinkedIn for the processing of so-called "Insights data" if this data is used for the creation of so-called "Page Insights".
DIFOX and LinkedIn have entered into an agreement as part of their joint responsibility, which you can access here: https://legal.linkedin.com/pages-joint-controller-addendum (so-called "Page Insights Joint Controller Addendum"). The agreement applies to those data processing operations that are collected in connection with a visit to or interaction with our LinkedIn profile, but only insofar as these data are also processed (thereafter) for "Page Insights". "Page Insights" include analytics services that help LinkedIn profile operators better understand interactions with their pages. The purpose of the data processing is to create aggregated statistics for LinkedIn profile operators.
When a LinkedIn member visits, follows, or engages with the site, LinkedIn processes personal data to provide the site operator with insights into usage,
In particular, LinkedIn processes data that the member has provided to LinkedIn, such as data on function, country, industry, seniority, company size, and employment status from a member's profile, and
In addition, LinkedIn processes information about how a member has interacted with your company page, such as if a member is a follower.
When you visit our LinkedIn page, LinkedIn collects, amongst other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as the operator of the LinkedIn page, with statistical information about the use of the LinkedIn page. We do not receive any personal data from LinkedIn in this context.
The data collected about you in this context is processed by LinkedIn and may be transferred to countries outside the European Union. Which information LinkedIn receives and how it is used is described in general terms by LinkedIn in its user agreement and its privacy policy. You will also find information there about how to contact LinkedIn and about the settings options for advertisements. LinkedIn's data policy is available at the following link: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy.
If you wish to exercise a data subject right to which you are entitled under the GDPR, please note that we cannot fully comply with all of these rights without LinkedIn. Therefore, it would certainly be more effective for you to contact LinkedIn directly. However, if you still need assistance, please feel free to contact us.
The respective responsibilities, in particular with regard to the protection of data subject rights, between DIFOX and LinkedIn can be found in the Page Insights Addendum (https://legal.linkedin.com/pages-joint-controller-addendum).
LinkedIn will assume primary responsibility for compliance with the GDPR obligations for the shared processing of "Insights Data". This includes the fulfillment of the following data subject rights:
The right of information (Art. 15 GDPR),
The right to restriction of processing (Art. 18 GDPR),
Furthermore, DIFOX is also solely responsible for certain data processing. We process the following data for communication with LinkedIn users to offer our information service:
User interactions (postings, likes, etc.),
Profile name and data provided by the user in the course of the conversation, e.g. for processing service requests,
Statistical surveys on target group advertising,
Statistical data on user interactions in aggregated form, i.e. without personal reference for DIFOX (e.g. page activities, page views, page previews, likes, recommendations, posts, videos, page subscriptions incl. origin, times of day), and
Targeted advertisements based on aggregated demographic data that is not personally identifiable (e.g., age, location, language, or gender information).
The processing is carried out for the purpose of answering your inquiries (if you have sent us an inquiry) or communicating with you and to publish information about events, products and services of DIFOX. The legal basis of the processing for the purpose of responding to inquiries that serve a future contract conclusion and are initiated by you is Art. 6 para. 1 p. 1 lit. b) GDPR and in the other cases Art. 6 para. 1 p. 1 lit. f) GDPR.
When personal data is transferred to LinkedIn servers in the USA for storage and further processing, LinkedIn is certified under the EU Commission's adequacy decision for data transfers to the USA, the Data Privacy Framework, which allows corresponding data transfers in accordance with this adequacy decision.
The legitimate interest consists in the effective delivery of information to users, customers and interested parties and the communication with these individuals as well as the external presentation of DIFOX.
You can find the current version of this privacy policy on the "About Us" page under the "Privacy Policy" section of our LinkedIn page.
After your request has been completed, the personal data you have provided will be deleted from our systems. Should you interact with us publicly, for example by leaving a comment or "liking" a post, this data will remain publicly accessible on the site until deleted by us or you. Insofar as legal storage obligations require longer storage, your data will only be stored for this purpose and will be blocked for other purposes.
To exercise your right to object to us, please contact us either at dataprotection@difox.com or at the above address by mail or telephone. We will then process your request immediately.
The provision of your data is voluntary. However, it is not possible to visit our profile without us processing personal data jointly with LinkedIn or DIFOX and LinkedIn processing personal data in their own, separate responsibility.
7. User's rights
7.1 Withdrawing consent, objecting
If you have given DIFOX your consent to process personal data in the context of your use of DIFOX services, you can withdraw this consent at any time pursuant to Article 7 (3) GDPR. The revocation can be sent by email to dataprotection@difox.com or in writing to the address listed below. The effects of the revocation will be limited to the storage and use of personal data that may not be used or stored without your consent based on statutory permissions. This withdrawal of consent, once declared to us, will have an impact on the permissibility of the processing of your personal data. However, please note that it may not then be possible to process the data concerned in the future.
If we base the processing of personal data on the balance of interests, you may object to the processing pursuant to Article 21 GDPR. This will be the case if the processing is not specifically required to fulfil a contract with you. If you lodge such an objection, we would ask you to tell us why we should no longer process your data in the manner in which we have previously done so. If you provide a reasoned objection, we will review the matter and either cease or adapt our data processing or present you with the compelling legitimate reasons which permit us to continue to process your data. If you have exercised your right to object, the data controller will no longer process your personal data unless it can prove that there are compelling legitimate grounds for the processing that outweigh the data subject’s interests, rights and freedoms or that the processing serves the purpose of the assertion, exercise or defence against legal claims.
You can of course object at any time to the processing of your personal data for the purposes of advertising and data analysis. You can notify us of your objection to advertising by e-mailing us at: dataprotection@difox.com or via the address given below.
7.2 Your other rights
On request, DIFOX will provide you pursuant to Article 15 GDPR with information concerning the personal data stored by DIFOX. You also have the option at any time to require DIFOX to correct your data pursuant to Article 16 GDPR, to erase it pursuant to Article 17 GDPR or to restrict the processing thereof pursuant to Article 18 GDPR. Pursuant to Article 20 GDPR, you have the right to require us to hand over to you or a third party in a common machine-readable format data that we have automatically processed on the basis of your consent or for the fulfilment of a contract. If you have requested that the data be directly transferred to another controller, this will be done only if it is technically feasible.
You also have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR.
The only data that will be excluded from deletion are those that DIFOX requires for processing outstanding orders or for asserting existing rights and claims, as well as data that DIFOX has to store as required by law. Such data will however be blocked.
You also have the right to lodge a complaint with a data protection supervisory authority pursuant to Article 77 GDPR.
We will be happy to provide you with further assistance.
Address
DIFOX a branch of Duttenhofer GmbH & Co. KG Alfred-Nobel-Str. 6 97080 Wuerzburg Germany
