Data protection
Dussmann Luxembourg
A. General
Dussmann Stiftung & Co KGaA and its affiliated companies (hereinafter referred to as “Dussmann”) take the protection of your personal data very seriously and comply with data protection legislation. Personal data will only be processed for the purpose for which it is required. In accordance with the legal provisions, our employees are obliged to secrecy, confidentiality and compliance with data protection regulations.
The following paragraphs describe the information we collect and how it is used. Below we would like to explain the purposes for which we process your data and how you can exercise your rights. You can view and print the privacy policy at any time by clicking on the “Data Protection” tab at the bottom of each page.
1. Data controller
The company responsible for processing the data is
Dussmann Stiftung & Co KGaA, Friedrichstraße 90, 10117 Berlin
A list of affiliated companies can be found at https://www.dussmanngroup.com/verbundene-unternehmen/. If you contact one of our affiliated companies directly via the website or by any other means, they are considered to be the data controller.
Contact details of our data protection officer
Dussmann Stiftung & Co KGaA,
Data Protection Officer
Friedrichstraße 90, 10117 Berlin
datenschutzbeauftragter @dussmann.de
Phone +49 30 2025-0
2. Personal data
Personal data is any information relating to an identified or identifiable natural person (e.g. their real name, address or telephone number).
Special categories of personal data correspond to a particularly protected subgroup of data and are described in Art. 9 of the General Data Protection Regulation (GDPR). They include, among others, health data and biometric data.
In principle, we collect personal data directly from you. Unless you give your consent in some other way. We process personal data that you have transmitted to us electronically as well as information that we collect in writing or electronically when you use our website or during a telephone conversation with our employees. This is done solely for the purpose of providing and administering our services, as well as through contact forms you have filled out or other correspondence.
3. Access to your personal data by third parties
Personal data is processed by us and, insofar as we have not expressly excluded it, also by other companies of the Dussmann Group or by service providers commissioned by us. In the latter two cases, we will ensure that the group companies or service providers comply with the applicable data protection regulations and the obligations arising from this data protection information.
We will only pass on your personal data without your consent to public bodies that have been commissioned to do so, if we are obliged to do so by law or by a court order (Art. 6 para. 1 lit. c) GDPR).
A transfer is also possible in accordance with Art. 6 para. 1 letter f) GDPR, if it is necessary for the enforcement, exercise or defence of legal claims and if there is no reason to believe that you have a legitimate interest worthy of protection in the non-transfer of your data.
Insofar as this is legally permissible and, in accordance with Article 6(1)(1)(b) of the GDPR, necessary for the performance of the contract concluded with you, your data will also be passed on to third parties.
4. Recipients of personal data
Within the framework of the legal powers, your personal data may be disclosed to the following categories of recipients in particular:
- Web analysis service providers
- IT service providers who process data as part of a service (e.g. for IT maintenance activities, hosting providers)
- Providers of file and data destruction, printing services
- Providers of marketing and distribution services
- Providers of newsletters and logistics
- Suppliers, e.g. of materials and services
- Partners
- Payment service providers
- Information and collection companies
- Authorised distributors
- Accountants, tax advisors, consulting companies, insurance companies
- Other Dussmann companies, if this is necessary in connection with an offer, a tender or the establishment, execution or conduct of the business relationship
- Courts, authorities, legal advisors or arbitration tribunals, insofar as this is necessary for compliance with the applicable law or for the assertion, exercise or defence of legal claims
Some of the intra-group recipients are located in third countries (countries outside the EU). Within the group, Dussmann ensures that your personal data is also adequately protected at the recipient’s premises within the framework of data protection agreements based on the EU’s standard data protection clauses.
The legal basis for the transfer of data within the group is Art. 6, para. 1, letter f) of the GDPR. The exchange of data within the group for internal management purposes constitutes a legitimate interest (Recital 48 GDPR).
Before passing on your information to third parties, we take appropriate measures to ensure that the recipients undertake to comply with the applicable data protection legislation and the confidentiality of personal data. Where applicable, data is transmitted under an order processing contract to ensure that the data is only processed for the intended purpose and that adequate security measures are taken.
B. Data processing for any visit to our websites
1. Categories of data, purposes and legal bases of data processing
When you visit our websites and/or enter into a contract with us via the website, we process your personal data. The processing may involve the following data:
- Name, first name
- Address
- Company
- E-mail address
- Telephone/fax number
- Date and time of the request
- Content of the request (concrete page)
- Access status/HTTP status code
- Individual amount of data transmitted
- Website from which the request was made
- Browser type and version
- Language and version of browser software
- IP address and internet service provider
- Operating system
- For mobile devices, if applicable, manufacturer/model
- Product/service
- Bank and credit card details
- Comment/information in the text field
We process this data for the operation of the websites (Art. 6 para. 1 lit. b) and f) of the GDPR), for the execution and fulfilment of the contract (Art. 6 para. 1 lit. b) of the GDPR) as well as for our own advertising purposes (if you provide us with your consent in accordance with Art. 6 para. 1 letter a) of the GDPR or on the basis of our legitimate interests in accordance with Art. 6 para. 1 letter f) of the GDPR). Furthermore, we use this data to fulfil our legal obligations towards regional and federal authorities (e.g. tax authorities) in accordance with Art. 6 para. 1 letter c) GDPR. For the conclusion of the contract and in order to uniquely identify you, we require at least your surname, first name and, if applicable, address. Without this information, we are unable to execute the contracts in question. If, in addition, you provide us with information voluntarily and at your request, we will process this information on the basis of Art. 6, para. 1, letter f) of the GDPR.
2. Log files
When you visit our web pages, we store connection data temporarily by default in order to ensure system security and stability, to guarantee a smooth connection to the website and for other administrative purposes.
The access logs of the web servers record which pages have been accessed and when. They include the following data: IP address, date, time, pages accessed, protocols, status code, amount of data, referrer, user agent, host name. The recorded IP addresses are then truncated. These are deleted 60 days later.
Error logs, which record unsuccessful page views, include, in addition to the error messages, the IP addresses requesting access to the page and, depending on the error, the website in question. The error logs, which record unsuccessful page views, are deleted seven days later.
Accesses via FTP are recorded with pseudonymised information (user name and IP address). The data is deleted after 60 days.
E-mail logs for sending e-mails from the web environment are anonymised the following day. During anonymisation, all data on the sender/recipient, etc. is deleted. All that remains is the data on the time of sending and the information on the processing of the e-mail (queued or not sent). The data is deleted after 60 days.
The IP address is only used insofar as it is necessary to safeguard the legitimate interests of the responsible party or a third party, unless the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, prevail. The personal interests correspond to the evaluation of our website usage data, the prosecution of legal claims, the clarification of offences and the maintenance of our IT security systems.
The processing is carried out on the basis of Art. 6 (1) (f) of the GDPR. Our legitimate interest arises from the above-mentioned purposes of data collection.
3. Contact forms
If you use a contact form on our website, the data you provide (e.g. gender, name, company, address, e-mail, telephone number, question) is processed so that we can respond to you appropriately, so that your message is forwarded to the correct contact person at Dussmann and so that this person can contact you.
The legal basis for the processing is Art. 6 (1) (f) of the GDPR and, as long as your request leads to the conclusion of a contract, the legal basis for the processing of the data necessary for this purpose is Art. 6 (1) (b) of the GDPR. Our legitimate interest is to respond to your request.
4. Newsletter
If you subscribe to any of the newsletters we offer, you must provide us with a valid email address. Additional information is optional. Once you have subscribed, our system sends you an e-mail with an activation link to confirm your subscription to the newsletter. This ensures that you are the owner of the e-mail address you provide and that you agree to receive the newsletter. The subscription to the mailing list and the sending of the newsletters only takes place once you have clicked on the activation link in the subscription email (called Double Opt-in process). When subscribing to the newsletter, your IP address as well as the date and time of the subscription are recorded. This processing is carried out on the legal basis of Art. 6, para. 1, letter a) of the GDPR. You can revoke your consent at any time, with effect for the future, by using the contact details given in the privacy policy or by clicking on the unsubscribe link in each newsletter. We work with service providers such as CleverReach (CleverReach GmbH & Co KG, CRASH Building, Schafjückenweg 2, 26180 Rastede) to send out newsletters.
We regularly send information with product recommendations to our active customers by e-mail. These newsletters are sent independently of the newsletter subscription. These recommendations enable us to offer you our services and articles. This processing is carried out on the legal basis of Art. 6, para. 1, letter f) of the GDPR. Our legitimate interest is to send you information about our products and services.
If you no longer wish to receive such e-mails, you can opt out by clicking on the link at the end of each e-mail with effect for the future.
5. News alert/job alert
With our news alert and job alert, you will automatically be informed when new contributions or jobs are available or published in the sectors of activity or companies that meet the criteria you have defined. All you need to do is provide us with a valid e-mail address. When registering for the news alert or job alert, the IP address, the date and time of registration, and the criteria you have set are recorded. In the case of the job alert, the page on which the registration is made is also recorded. The data is only used for sending the alerts. This processing is carried out on the legal basis of Art. 6, para. 1, letter a) of the GDPR. You can revoke your consent at any time, with effect for the future, by using the contact details given in the privacy policy or by clicking on the unsubscribe link in each news alert or job alert.
With respect to the data you have provided to us in order to receive the news alert or job alert, we store this data until you unsubscribe from the alert and delete it after you unsubscribe. This does not affect the data we store for other purposes.
6. Cookies, pixel tags and similar technologies
Cookies” are small text files and web beacons are small image files that store specific information on your device (PC, laptop, tablet, smartphone, etc.) when you visit one of our websites (hereinafter collectively referred to as “cookies”). Cookies help us to determine the frequency of use and the number of users of our web pages and to make our offers as pleasant and effective as possible for you. We use both session cookies and permanent cookies on our websites.
However, it is possible to take advantage of our offers without using cookies. You can deactivate the saving of cookies in your browser, restrict it on certain sites or set your browser so that you are informed as soon as a cookie is sent. In this case, however, you can expect a restricted display of the site concerned with limited user guidance.
The data processed by cookies is necessary for the above-mentioned purposes, i.e. to protect our legitimate interests and those of third parties. The processing is carried out on the basis of Art. 6, para. 1, letter f) of the GDPR.
6.1. Google Analytics
We use Google’s ReCaptcha service to determine whether it is a human being or a computer that makes a certain entry in our contact or newsletter form. Google uses the following data to check whether you are a human being or a computer: the IP address of the terminal used, the website you visit and the type of information you provide.
We use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics enables us to compile statistics about the use of websites and their sources. The cookies are stored for a period of 2 years. We use Google Analytics exclusively for statistical purposes, e.g. to track the number of users who have clicked on a particular element or information.
The legal basis for this is our legitimate interest in measuring the scope of our information offering in cooperation with our service providers (Art. 6(1)(f) of the GDPR) and in compiling pseudonymised usage profiles for the use of our websites by visitors to our information offerings.
Google Analytics uses cookies and collects information about your use of our websites, including your IP address. In order to prevent visitors to the website from being identified by their IP address, we use a special code to ensure that your IP address is transmitted in a truncated and therefore anonymised form. Once the IP address is truncated, it is no longer possible to identify users. For more information on data protection by Google Analytics, please visit https://support.google.com/analytics/answer/2700409?hl=fr&ref_topic=2611283.
You can prevent the collection and transmission of data to Google by downloading and installing the plug-in available at the following link: https://tools.google.com/dlpage/gaoptout. Alternatively, you can change the settings by clicking on the following link (https://adssettings.google.com/anonymous?hl=en-GB&sig=ACi0TCgjQOtZZmsnhor-F-jUaLKUXPozB-azrbC60G1nlIid6ZBXp9mJfsSLCyW2C06i4JsWIeRrQw2CyV7laWP2gtjISjDTv8QM7RXXbZBM5xM64a1uc) or by visiting the NAI (Network Advertising Initiative) opt-out page http://www.networkadvertising.org. You can also prevent the storage of cookies in the general settings of your browser.
The storage period agreed with Google for user and event data associated with cookies, user IDs and advertising IDs is 14 months.
General information about Google: The information collected by Google Analytics is transmitted to Google LLC, located in the USA. For more information on data protection by Google, please visit https://policies.google.com/privacy?hl=fr.
6.2. Google reCAPTCHA
We use the Google reCAPTCHA service to determine whether our contact form or newsletter subscription form is completed by a human or a computer. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google uses the following data to check whether you are a human being or a computer: the IP address of the device used, the website visited and on which the Captcha is located, the date and duration of the visit, data identifying the type of browser and operating system used, the Google account if you are logged in to Google, the mouse movements on the reCAPTCHA, the clicks made and the keystrokes used as well as the identification mission of the images. In some cases, you have to be active when clicking and selecting the images (reCAPTCHA Version 2), in other cases, the identification of the human being is done solely on the basis of previous interactions with our websites (reCAPTCHA Version 3).
The legal basis for the described data processing is Art. 6, par. 1, letter f) GDPR. We have a legitimate interest in the processing of this data, namely to ensure the security of our websites and to protect ourselves against automated entries and attacks.
When using Google reCAPTCHA, personal data may also be transferred to Google LLC’s servers in the USA. Google’s privacy policy can be found at: https://policies.google.com/privacy.
6.3. Use of Google Maps
This website uses Google Maps to display maps and provide directions. Google Maps is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Our legitimate interest in using Google Maps is to provide the user with information about locations. The legal basis for the described data processing is Art. 6, para. 1, letter f) GDPR.
The cooperation with Google in terms of data protection is based on an agreement on joint responsibility pursuant to Art. 26 of the GDPR, which can be found at the following URL: https://cloud.google.com/maps-platform/terms/maps-controller-terms/.
When you visit pages using Google Maps, information about your use of our websites (e.g. your IP address) is transmitted to Google’s servers and stored there. This may also involve the transfer of personal data to Google LLC servers in the USA.
If you do not consent to the transmission of your data to Google in the future, you can deactivate the Google Maps web service completely by deactivating the use of JavaScript in your browser. Google Maps and the map display on our websites can then no longer be used.
6.4. Google Ads/Google Ads Conversion Tracking
We use Google Ads and Google Ads Conversion from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”), to measure the effectiveness of each ad, offer and feature. A cookie is set when you click on a Google ad. This cookie does not identify you personally. Instead, it allows us to determine whether you return to the website with the specific offer within the 30-day validity period of the cookie. The information received via the conversion cookie is used to compile conversion statistics for Google Ads customers who have opted to track conversions. We also determine the total number of users who clicked on an ad and were redirected to a site with a conversion tracking tag.
The legal basis for this is our legitimate interest in measuring the effectiveness of individual advertisements, offers and functions of our information offer in cooperation with our service providers (Art. 6 (1) (f) of the GDPR) and in compiling pseudonymised usage profiles for the use of our websites by visitors to our information offers.
You can prevent the collection and transmission of data to Google by preventing your browser from selecting the corresponding technical settings. However, we would like to point out that you may not be able to use all the features of this website. In addition, you have the option of adjusting the settings for ads on Google. To do this, go to https://support.google.com/ads/answer/7395996?hl=fr and disable personalised ads. Please note that these settings may not affect all your devices and browsers. For more information on this topic, please visit https://support.google.com/ads/answer/2662922?hl=fr.
When using Google Ads, personal data may also be transferred to Google LLC’s servers in the USA.
6.5. Use of Google Fonts
To ensure that the fonts are displayed correctly, our website uses the Fonts service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). When viewing a page, your browser loads the necessary Web Fonts into your browser’s cache to display text and fonts correctly.
For this purpose, the browser you are using must connect directly to Google’s servers; it is also possible that personal data will be transferred to Google LLC’s servers in the USA. Among other things, Google learns that our website has been accessed by your IP address. The use of Google’s web fonts is carried out in the interest of a harmonious and attractive presentation of our online offerings. This constitutes a legitimate interest within the meaning of Article 6(1)(f) of the GDPR. If your browser does not support fonts, your computer will use a default font.
For more information on Google Fonts, please visit https://developers.google.com/fonts/faq and read Google’s privacy policy: https://www.google.com/policies/privacy.
7. Facebook
Use of Facebook pages
We use what are called “fanpages” or pages on Facebook. These are websites hosted on the Facebook platform that allow companies to be represented and, for example, to get in touch with customers and interested parties.
Joint liability with Facebook
We and Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, are responsible for the collection and use of your data for statistical processing. The processing takes place when you visit our Facebook page. With the information provided below and in the context of joint responsibility, we fulfil our information obligations. When you visit our page, Facebook processes your personal data, such as your IP address and other information available in the form of cookies on your device. This applies both to visitors who have a Facebook account and to those who are not registered with Facebook. To find out exactly what data is processed, please see the “Information about Page Statistics Data” provided by Facebook: https://www.facebook.com/legal/terms/information_about_page_insights_data.
As the operator of the page, the results of this processing are made available to us by Facebook in the form of aggregated and anonymised user statistics.
Your data collected in this context is processed by Facebook Ireland Ltd. and, if necessary, transferred to countries outside the European Union. The data that Facebook processes for its own purposes is described in Facebook’s data use policy, which can be found at https://facebook.com/policy.php. There you will also find information on how to contact Facebook and on the options for setting up advertisements. We have no influence on this further processing of data by Facebook. Facebook is solely responsible for the processing of such personal data in connection with the use of the pages that are not under joint responsibility.
We would like to point out that data from the collection phase is also transmitted to locations in the United States and therefore outside the European Union.
If you are logged into your Facebook account when you visit our page, a cookie containing your Facebook ID will be stored on your device. Facebook will then be able to determine that you have visited our page and how you have used it. The same applies to all other Facebook pages. To avoid this, you should log out of your Facebook account or disable the “stay logged in” feature, delete the cookies on your computer and close and reopen your browser.
In our agreement with Facebook (available at: https://www.facebook.com/legal/terms/page_controller_addendum), Facebook agrees to assume primary responsibility for the processing of statistical data in accordance with the GDPR and to fulfil all obligations under the GDPR regarding the processing of such statistical data. We do not make any decisions regarding the processing of statistical data and all other information resulting from Art. 13 of the GDPR. You can find the gist of the agreement at: https://www.facebook.com/legal/terms/information_about_page_insights_data.
If you wish to exercise any of the rights (to find out what they are, see E.3 below) to which you are entitled under the RGPD, we would like to point out that in case of doubt, we cannot satisfy them alone. Therefore, it would certainly be more efficient for you to contact Facebook directly. You can find information about your rights regarding page statistics here:
https://www.facebook.com/legal/terms/information_about_page_insights_data.
With regard to page statistics and joint responsibility with Facebook, you have the right, for reasons relating to your particular situation, to object at any time to the processing of your personal data. For advice on how to exercise your right to object, please visit the following link:
https://www.facebook.com/legal/terms/information_about_page_insights_data
If you need help, please contact us. If your request concerns statistical data, we will forward it to Facebook.
The processing of the visitor’s personal data serves the provision of the Facebook page and the statistical analysis of the use of our page. This analysis is anonymous for us. The legal basis for the data processing is Art. 6, para. 1, letter f) GDPR. Our legitimate interests regarding the collection of personal data on each visit to the Facebook page and regarding the performance of statistical analyses are as follows: communication and interaction with interested parties and customers, the dissemination of information about our company, the anonymised analysis and representation of the use of the page, and the compilation of pseudonymised usage profiles for the use of our websites by visitors to our information offering.
Our sole responsibility
In addition, we process the data you voluntarily provide us about your use of the Facebook page (e.g. in a comment) in order to answer your questions, to communicate with you and to publish information about the content offered on the page or about our content. The legal basis for the processing is Art. 6 (1) (f) of the GDPR and, as long as the request leads to the conclusion of a contract, it is Art. 6 (1) (b) of the GDPR. The legitimate interest is to effectively inform and communicate with users, customers and interested persons.
Please do not hesitate to contact us if your request concerns data that we process under our own responsibility and to assert your rights towards us as a data subject. However, if you wish to exercise your rights with respect to processing that is the sole responsibility of Facebook, we would like to inform you that our ability to do so is limited to referring you to the relevant places on Facebook.
C. Additional information
1. Duration of data storage
If no storage period is expressly stated at the time of collection (e.g. as part of a declaration of consent) or in this privacy policy, personal data will be deleted as long as it is no longer required for the purpose for which it was stored, unless legal retention obligations (e.g. commercial and tax retention obligations) prevent deletion.
Insofar as we store personal data exclusively for the purpose of fulfilling retention obligations, they are generally blocked so that they can only be accessed when required by the retention obligations.
2. Security
We take all necessary technical and organisational security measures to protect your personal data against loss and misuse. Your data is stored in a secure environment that is not accessible to the public. On all websites we use SSL or TLS encryption. Your data is encrypted directly during transmission. For security reasons, we will not disclose any additional information on the subject.
3. Rights of data subjects
Revocation of consent
If you have given your consent to the processing of personal data, you may revoke it at any time with effect for the future. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. In the event of revocation, we will immediately delete the data concerned, provided that further processing cannot be based on a legal basis that allows processing without consent. You can send your revocation by e-mail to datenschutzbeauftragter @dussmann.de, or by post to Dussmann Stiftung & Co KGaA, Friedrichstraße 90, 10117 Berlin.
Further rights
You can assert your rights at the national subsidiary of the Dussmann Group in your country. You can find the name and address of the controller in the list of affiliated companies https://www.dussmanngroup.com/verbundene-unternehmen/ or in the legal notice of each national subsidiary.
You have the right to request confirmation from the controller within the Dussmann Group that the personal data concerned is being processed. If this is the case, you have a right to information about this data and the various information specified in Art. 15 of the GDPR.
You have the right to demand from the controller the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data (art. 16 GDPR).
You have the right to demand from the controller the immediate deletion of your personal data, provided that one of the various reasons indicated in Art. 17 GDPR applies, e.g. if the data are no longer required for the intended purpose (right to erasure).
You have the right to request the controller to restrict the processing if one of the conditions specified in Art. 18 GDPR is met, e.g. if you have objected to the processing.
You have the right to receive the personal data that you have made available to us in a common, machine-readable format or to request that the controller transfer them to another controller (right to data portability, Art. 20 GDPR), insofar as this is technically feasible.
Where your personal data is sent to a country outside the EU with an inadequate level of protection, we will generally enter into a contract ensuring an adequate level of protection for personal data. If, under the EU-US Privacy Shield, service providers are certified to provide the appropriate level of protection, then a link proving this certification is provided above for each service provider. In addition, we use standard data protection clauses, which can be found at: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en
For reasons relating to your particular situation, you have the right to object to the processing of your personal data at any time. The controller will then cease processing the personal data unless it can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims (Art. 21 GDPR).
You may object at any time and without further consideration to the use of your data for direct marketing purposes.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data constitutes a breach of the GDPR (art. 77 GDPR). You can exercise this right with a supervisory authority located in the Member State of your residence, your place of work or the place where the breach occurred. For example, the competent supervisory authority for Dussmann Stiftung & Co KGaA, located in Berlin, is the Landesbeauftragte für Datenschutz und Informationsfreiheit Berlin, Friedrichstr. 219, 10969 Berlin. You may also contact another supervisory authority at any time. To find out which data controllers are responsible for processing data in your Member State outside Germany, you can contact the competent local authorities.
An overview of other national and international data protection authorities can be found here.
4. Changes to the privacy policy
In order to ensure that our data protection information always complies with the latest legal requirements, we reserve the right to make changes at any time. This also applies if the data protection information needs to be adapted in the event of new or revised offers or services.
If you have any questions or suggestions regarding this privacy policy, please do not hesitate to contact us. We are pleased that you entrust us with your data.
Version: 30/09/2020