Data Protection Policy
This general data protection policy applies to all online services offered by DIAL. This includes websites, functions and contents as well as external online presences, such as our customer portal or our seminar platform. In addition to the following mandatory information, we have compiled additional individual data protection information for individual online offers. These provide offer-specific data processing procedures and focus, in particular, on cooperation with external service providers who supply services on our behalf.
Individual data protection information must be observed for the following online offers.
General information on the collection of personal data
(1) In the following lines, we provide information on the collection of personal data when using our online offers. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour, IP address.
(2) The responsible party according to Art. 4, para. 7 of the EU General Data Protection Regulation (GDPR) is:
Tel: +49 (0) 2351 5674 0
You can contact our data protection officer at:
Höveler Weg 2
Tel.: + 49 (0) 2353 9096 31
Fax: + 49 (0) 2353 9096 49
(3) If we make use of commissioned service providers for individual functions of our offers or if we wish to use your data for commercial purposes, we will inform you of the respective processes as described in detail below. In so doing, we will also cite the set criteria for the storage period.
General information about data processing
(1) As a matter of principle, we collect and utilise users' personal data only to the extent required to ensure the functioning of our website and of our contents and services. The collection and utilisation of our users' personal data normally occurs after users have given their consent. An exception applies to cases in which prior consent can not be obtained for practical reasons and where the processing of the data is legally permitted.
(2) In so far as we have obtained consent for the processing of personal data from the data subject, Art. 6, para. 1, point a of the GDPR acts as the legal basis. When processing personal data in order to fulfil a contract, to which the data subject is a party, Art. 6, para. 1 point b of the GDPR serves as the legal basis. This also applies to processing that is required in order to perform pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, Art. 6, para. 1, point c of the GDPR serves as the legal basis. If vital interests of the data subject or of another natural person require the processing of personal data, Art. 6, para. 1, point d of the GDPR serves as the legal basis. If processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party and the interests, fundamental rights and freedoms of the data subject do not override the former interests, Art. 6, para. 1, point f of the GDPR acts as the legal basis for processing.
(3) The personal data of the data subject are deleted or locked once the purpose of their storage no longer applies. Furthermore, data can be stored if provision has been made by the European or national legislator in ordinances, acts or other regulations in EU law to which the controller is subject. The data are also locked or deleted if a storage period prescribed by the stated standards expires, unless it is necessary to continue to store the data in order to conclude or fulfil a contract.
(4) Furthermore, we may also disclose your personal data to third parties when we offer participation in campaigns, contests, contract conclusions, or similar services together with partners. You will receive further information on this when you provide your personal data or at the bottom of the description of the service being offered. If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the service being offered.
(1) You have the following rights in relation to us regarding your personal data:
a) Right of access
You have the right to request confirmation as to whether relevant data will be processed, and to information on this data as well as further details and copies of the data in accordance with Art. 15 of the GDPR.
b) Right to rectification
In accordance with Art. 16 of the GDPR, you have the right to request the completion of the data or the rectification of the incorrect data concerning you.
c) Right to erasure or right to restriction of processing
In accordance with Art. 17 of the GDPR, you have the right to request that personal data be deleted immediately, or alternatively the right to request the restriction of processing of the data in accordance with Art. 18 of the GDPR.
d) Right to data portability
You have the right to receive the data concerning you, which you have provided to us, in accordance with Art. 20 of the GDPR, and to request their transmission to other controllers.
(2) You also have the right to submit a complaint to the relevant data protection supervisory authority concerning our processing of your personal data. In our case, this is the North Rhine-Westphalia state official for data privacy and information security (ldi): https://www.ldi.nrw.de/
Objection to or revocation of the processing of your data
(1) If you have consented to the processing of your data, you can revoke this at any time in accordance with Art. 7, para. 3 of the GDPR. Once communicated to us, such a revocation affects the admissibility of the processing of your personal data.
(2) Insofar as we base the processing of your personal data on the balancing of interests in accordance with Art. 6, para 1 point f of the GDPR, you can lodge an objection to the processing. This is the case if processing in particular is not necessary for the fulfilment of a contract with you, which we will note in the subsequent description of each function. If you raise such an objection, we ask that you explain the reasons why we should not process your personal data in the manner we have done. If your objection is justified, we will examine the situation and either cease or adjust the data processing or explain to you our compelling and legitimate reasons as to why we will continue to perform the processing as such.
(3) Of course, you may also object at any time to the processing of your personal data for advertising and data analysis purposes. You may inform us of your objection to such uses via the following contact details: DIAL GmbH, Bahnhofsallee 18, 58507 Lüdenscheid, dialog(at)dial.de.
Deletion of data
The data processed by us will be deleted or have its processing restricted in accordance with Art. 17 and 18 of the GDPR. Unless expressly stated in this data protection policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any legal storage obligations. If the data are not deleted because they are necessary for other legally permissible purposes, their processing is restricted. This means that the data is locked and not processed for any other purposes. This applies, for example, to data that must be kept for commercial or tax reasons. According to legal requirements in Germany, records shall be kept for 6 years in accordance with section 257, para. 1 of the HGB (German Commercial Code) (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years in accordance with section 147, para. 1 of the AO (German Fiscal Code) (books, records, progress reports, accounting documents, commercial and business letters, for documents relevant to taxation, etc.).
Transfer of data to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in order to utilise third-party services, disclose or transfer data to third parties, then this will only happen in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or have the data processed in a third country only if the particular requirements of Art. 44 ff. of the GDPR apply. This means, for example, that processing is carried out on the basis of special guarantees, such as the officially recognised establishment of a data protection level in compliance with the EU (e.g. by the "Privacy Shield" for the USA) or compliance with officially recognised special contractual obligations ("standard contractual clauses").
Data collection on our website
(1) If you are using the website solely for informational purposes, i.e. if you have not registered or otherwise conveyed information to us, we will only collect personal data transmitted by your browser to our server. If you would like to view our website, we will collect the following data, which is a technical requirement for us in order to be able to display our website and to ensure stability and security (the legal basis for this is Art. 6, para. 1, sentence 1, point f of the GDPR):
a) IP address,
b) Date and time of request,
c) Content of the request (specific page),
d) Access status/HTTP status code,
e) Volume of data transmitted,
f) Website issuing the request,
h) Operating system and its interface,
i) Language and version of browser software.
(2) The data are also stored in the logfiles of our system. These data are not stored together with other personal data of the user. The legal foundation for the temporary storage of the data and logfiles is Art. 6, para. 1, point f of the GDPR. The data are stored in logfiles in order to ensure that the website functions properly. In addition, the data helps us to optimise the website and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
(3) The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. If data has been collected for the provision of the website, this occurs when the respective session ends. The collection of data for the provision of the website and the storage of data in logfiles is absolutely necessary for the operation of the internet site. As a result, the user may not object.
To protect the transmission of confidential content that you send to us (e.g. orders, inquiries), this website uses what is known as SSL or TLS encryption. These can be recognised by the lock symbol in your browser address bar. Concurrently, the address line changes from "http://" to "https://". This means that third parties are not able to read this data.
(2) Temporary cookies or "session cookies" or "transient cookies" are cookies that are deleted after a user leaves an online offer and closes their browser. In such a cookie, the contents of a shopping cart in an online shop or a login status are stored, for example. "Permanent" or "persistent" cookies refer to those that remain stored even after the browser has been closed. In doing so, the login status can be stored, for example, if users visit the website after several days.
(3) In addition to so-called "first-party cookies", which are set by us as the party responsible for data processing, "third-party cookies" are also used, which are offered by third-party providers. If "third party cookies" are set, we will inform you about this within the respective data protection information of the online offers and about the cooperation with external service providers.
(4) The legal basis for the processing of personal data using "first-party cookies" is Art. 6 para. 1 point f of the GDPR and of "third-party cookies" Art. 6, para. 1, point a of the GDPR.
Registration options on our website / online services
(1) You can register on our website in several ways. This allows you to book seminars and/or webinars and/or events and/or support services and/or materials such as white papers about our products and services. To do this, it is necessary for the conclusion of the contract that you provide the personal data we require to process your order or your booking. Furthermore, on our website you can give us feedback on customer satisfaction. The mandatory information fields required for processing are specially marked. Other details are voluntary. We may also use the data you have provided to process your order or your booking. The legal basis for the processing of data when you give your consent is Art. 6, para. 1, point a of the GDPR. To this end, we can pass on your payment data to our principal bank. The legal basis for this is Art. 6, para. 1, sentence 1, point b of the GDPR. If the registration serves to fulfil a contract whose contracting party is the user or serves to implement pre-contractual measures, then an additional legal basis for the processing of data is Art. 6, para. 1, point b of the GDPR.
(2) We use the so-called double-opt-in procedure for the registration to support services, i.e. your registration is not complete until you have confirmed your registration by clicking on the link contained within a confirmation email sent to you for this purpose.
(3) If you use our portal, we will store the data required to fulfil the contract and also details on the method of payment until you permanently delete your access data. Furthermore, we will store the voluntary data you have provided for the duration of your website use, unless you delete these beforehand. You can manage and change all information in the secure customer area. The legal basis is Art. 6, para. 1, sentence, 1 point. f of the GDPR. In addition, we delete your data as soon as it is no longer necessary for its intended purpose and the deletion does not conflict with any statutory retention requirements.
(1) With your consent, you can subscribe to our newsletter in which we will keep you informed of our current interesting offers. The goods and services advertised will be set out in the declaration of consent. The input mask used for this purpose determines which personal data are transmitted when the newsletter is ordered from the data controller.
(2) For legal reasons, we use the double opt-in method for subscribing to our newsletter. This means that once you have registered, we will send an email to the email address you have provided to us, asking you to confirm that you wish to receive the newsletter. If you fail to confirm your registration within three months, your information will be locked and will be automatically deleted after one month. Furthermore, we will store the IP addresses you have used and the time at which you registered/confirmed your registration in each case. The purpose of this procedure is to give us a record of your registration and to allow us to resolve any potential misuse of your personal data.
(3) The only mandatory information we require in order for the newsletter to be sent to you is your email address. Any provision of further, separately marked data is voluntary and these will be used to address you personally. Once we receive your confirmation, we will store your email address for the purpose of sending the newsletter to you. The legal basis is Art. 6, para. 1, sentence 1, point a of the GDPR.
(4) You may revoke your consent to receiving the newsletter at any time and unsubscribe from the newsletter. To do so, you can click on the link provided in each Newsletter email, send an email to dialog(at)dial.de or you may declare your revocation by sending a message to the contact details provided in the website information.
(5) Please note that we analyse your user behaviour when we send out the newsletter. Using the data obtained in this way, we compile a user profile so that we can provide you with a newsletter tailored to your interests. This constitutes a legitimate interest as per Art. 6, para. 1, sentence 1 of the GDPR. We record the time at which you read our newsletter and the links you click on in it and, from this, derive your personal interests. For this analysis, the emails we send out contain "tracking pixels". You can object to this tracking at any time by clicking on the separate link provided in each email or by notifying us via another contact channel. The information will be stored for as long as you are subscribed to the newsletter. When you unsubscribe, we will store the data purely for statistical purposes and in an anonymous form.
Use of our forum DIALux board
(1) You can read our forum without prior registration. If you would like to actively participate in the forum, you must register by entering your email address and a password and username of your choice. There is no obligation to provide a real name and pseudonyms may be used. We use the so-called double-opt-in procedure for registration, i.e. Your registration is only complete once you have confirmed the registration by clicking on the link contained in a confirmation email sent to you for this purpose. If we do not receive your confirmation within 14 days, your registration will be automatically deleted from our database.
(2) If you register a forum account, we will store all information you post in the forum, i.e. public posts, bulletin board entries, friendships, private messages, etc., until you log out, in order to operate the forum. The legal basis is Art. 6, para. 1, sentence, 1 point. f of the GDPR.
(3) If you delete your account, your public statements, especially posts to the forum, remain visible to all readers, but your account is no longer accessible and is marked with "unknown user" in the forum. All other data will be deleted. If you would like your public contributions to be deleted as well, please contact the controller using the contact details above.
Data protection information for webinars with GoToWebinar
(1) To conduct webinars, we use the GoToWebinar software solution. The GoToWebinar software solution is provided by LogMeIn Inc., 333 Summer Street, Boston, MA 02210, USA. The LogMeIn data privacy statement can be found here. LogMeIn processes your personal data in the USA, but has committed to adhere to the provisions of the EU-US Privacy Shield (https://www.privacyshield.gov/participant?id=a2zt0000000013fAAA), thus providing a guarantee that they will comply with European data protection laws.
(2) In order to take part in a webinar, you must register with LogMeIn. This requires you to submit the following personal data: Name, first name, email address, company. To conduct a webinar related to an order, LogMeIn transmits your registration/customer data to us. The legal basis for the processing of your data is Art. 6, para. 1, sentence 1, point a) of the GDPR and Art. 6, para. 1 sentence 1 point b) of the GDPR.
(3) To conduct the webinar, an encrypted connection is established between you and the organizer of the webinar. Webinars are regularly recorded and played back when the webinar is accessed later. During and after the webinar, statistical data is transmitted to us. If you take part in a webinar and/or ask or answer a question during the webinar, we receive, in addition to your registration data, information about the participation duration, your interest in the webinar, and the question and/or answer for further customer support or to expand the user experience.
Use of Google Analytics
(1) This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA ("Google"). Web analysis refers to the collection, compilation and analysis of data on the behaviour of visitors to websites. Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the website. We have already explained above what cookies are. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.
(2) This website uses Google Analytics with the extension "_anonymizepIp()". As a result, IP addresses are processed in a shortened form and direct references to persons can be ruled out. Due to the activation of IP anonymisation on these websites, Google will however truncate your IP address within Member States of the European Union or in other Contracting States to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and truncated there. For these exceptional cases where personal data is transferred to the USA, Google is certified under the Privacy Shield Agreement, and thus guarantees that it will observe European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). On behalf of the operator of this website, Google will use this information to analyse your use of the website, to compile reports on website activities and to provide the website operator with other services relating to website use and Internet use. We use Google Analytics to enable us to analyse and improve the use of our website. Using the statistics generated in this way allows us to regularly improve our offer and to make it more interesting for you as the user.
(3) The following data types are processed by Google:
- Online designations (including cookie identifiers)
- IP address
- Device IDs
(4) Google will not associate the IP address transmitted by your browser in the context of Google Analytics with any other data held by Google.
(5) More information regarding Google's terms of service and data protection regulations can be found at http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/privacy. Google Analytics is explained in more detail under this link https://www.google.com/intl/de_de/analytics/ .
(6) By integrating Google Analytics, we aim to analyse and react to user behaviour on our website. This enables us to continuously improve our offer. The legal basis for the processing of personal data described here is Art. 6, para. 1 point a) of the GDPR.
(7) We have signed a contract for the use of Google Analytics with Google in accordance with Art. 28 of the GDPR. Google therefore processes data on our behalf for the purposes mentioned in paragraph (6). As part of the order processing Google is entitled to engage subcontractors. A list of these subcontractors can be found at https://privacy.google.com/businesses/subprocessors/.
Use of Matomo
(1) This website uses the web analysis service Matomo to analyse and regularly improve the use of our website. Using the statistics generated in this way allows us to improve our service and to make it more interesting for you, the user. The purpose of the Matomo component is the analysis of traffic on our website. Among other things, we use the data and information obtained to evaluate the use of this website in order to compile online reports that show the activities on our website. The following information is collected:
- the URL from which the administration portal or one of its sub-pages is accessed (e.g. a search engine or a link from another website)
- the URLs of the administration portal that are called up,
- the time spent on the respective websites of the administration portal,
- the search terms entered,
- information transmitted by the user's access device (operating system, screen resolution, browser, language setting of the browser)
(2) We store the information collected in this way exclusively on one of our servers. We do not pass on this personal data to third parties. This website uses Matomo with the extension "AnonymizeIP". As a result, IP addresses are processed in a shortened form and direct references to persons can be ruled out. Matomo will not associate the IP address transmitted by your browser with any other data we have gathered.
(3) Cookies are stored on your computer for this analysis (we have already discussed cookies in more detail above). The placing of the cookie enables us to analyse the use of our website. Every time you call up one of the individual pages of this website, your internet browser is automatically prompted by the Matomo component to transmit data to our server for the purpose of online analysis. As part of this technical process, we obtain knowledge of personal data, such as the IP address of the data subject, which we use, among other things, to trace the origin of both visitors and clicks. Cookies are used to store personal information such as the time of access, the location from which access was made and the frequency of visits to our website.
(5) For information on third-party privacy, visit https://matomo.org/privacy/.
Integration of YouTube videos
(1) We have integrated YouTube videos into our online offer, which are stored at http://www.YouTube.com and can be played directly from our website. YouTube is an internet video portal that allows video publishers to upload video clips free of charge and allows other users to view, rate and comment on video clips free of charge. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. On our website, we use the content or service offers of YouTube on the basis of our legitimate interests (that is, interests in analysis, optimisation and economical operation of our online offer as per Art. 6, para. 1, point f of the GDPR) in order to include their content and services.
(2) By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. This happens regardless of whether YouTube provides a user account that you are logged in to, or no such user account exists. If you are logged into Google, your data will be allocated directly to your account. If you do not want any allocation to your YouTube profile, you must log out prior to activating the button. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or for the design of its website according to demand. Such an analysis is conducted in particular (even for users who are not logged in) in order to display advertisements in line with user preferences and to inform other users of the social network about your activities on our website. You are entitled to raise an objection against the creation of such user profiles, but you must contact YouTube directly in order to exercise that right.
(3) For further information on the purpose and scope of data collection and data processing by YouTube, please refer to their data protection policy. Here you will also find further information on your rights and the options for settings concerning the protection of your privacy: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to adhere to the provisions of the EU-US Privacy Shield (https://www.privacyshield.gov/EU-US-Framework), which consequently guarantees compliance with European data protection law.
Integration of Google Maps
(1) We use Google Maps services on our website. This allows us to show you interactive maps directly on the website and allows for convenient use the map function. On our website, we use the content or service offers of Google Maps on the basis of our legitimate interests (that is, interests in analysis, optimisation and economical operation of our online offer as per Art. 6, para. 1, point f of the GDPR) in order to include their content and services.
(2) By visiting our website, Google receives the information that you have accessed the corresponding sub-page of our website. This happens regardless of whether Google provides a user account that you are logged in to, or no such user account exists. If you are logged into Google, your data will be allocated directly to your account. If you do not want any allocation to your Google profile, you must log out prior to activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research and/or for the design of its website according to requirements. Such an analysis is conducted in particular (even for users who are not logged in) in order to display advertisements in line with user preferences and to inform other users of the social network about your activities on our website. You are entitled to raise an objection against the creation of such user profiles, but you must contact Google directly in order to exercise that right.
(3) For further information on the purpose and scope of data collection and data processing by the plug-in provider, please refer to the provider's data protection policy. Here you will also find further information on your respective rights and the options for these settings concerning the protection of your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has committed to adhere to the provisions of the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Last updated: March 2020 -