Your privacy is important to us. DIEHL+RITTER gUG follows the European data protection regulations (GDPR) and is committed to protecting your personal information.
Personal data is information that relates to an identified or identifiable person. It particularly refers to information by which you can be identified, such as your name, telephone number, postal address, or email address. Statistical data that is automatically collected when you visit our website, but that cannot be used to identify you personally, does not count as personal data.
1. Contact Us
As stipulated by the GDPR, the Data Protection Officer is responsible for the handling of your personal data when you visit our websites or use our services. They can be contacted at:
Telephone: +49 (0)30 81 82 82 33
Fax: +49 (0)30 78 89 03 44
If you have questions regarding the collection, processing or use of your personal data, or for enquiries, suggestions, requests for rectifications, restriction or deletion of your data, and for revocations of consent and objections to a particular use of data, please contact the Data Protection Officer at the above address (subject line for emails: “data protection”).
2. Data Processing on our Website
2.1 Collection of General Data and Information
Our websites collect a series of general data and information each time they are called up by a data subject or automated system. These are automatically transmitted by your browser and typically include:
- an IP address for the accessing system,
- the date and time of a call-up to the website,
- the websites from which an accessing system reaches our website (so-called referrers),
- the operating system used by the system accessing the website,
- browser types and versions used,
- and online identifiers (such as device ID and session ID)
This information is collected solely in order to correctly deliver the content of our website and ensure the reliability and operational capability of our information technology systems and website technologies. It is temporarily stored in our internal log files to enable us to gain statistical insights into how our websites are used by visitors. This information is then used to optimise visitor experience (for example to respond to an increase in the use of mobile devices) and to generally administer and keep up the websites. (See GDPR Article 6.1 Lawful processing).
The anonymous data in the server log files do not identify data subjects or allow conclusions to be drawn about them. IP addresses in particular are abbreviated and anonymised before being stored. Log files are stored for 30 days and then anonymised and archived.
2.2 Fan Pages and Social Media Plug-ins
We operate fan pages on various social media platforms (Facebook, Instagram, Twitter). Social media plug-ins on our website will take you directly to Diehl+Ritter’s pages on these social networks. A plug-in activated by clicking on its button will enable the respective social media platform to collect personal data from you. A direct connection is established between the platform and your internet browser, transmitting information including your IP address, device ID, and the date and time of your visit to our website. Even if you are not logged into a social media platform at the time or, in fact, have opened an account there, the platform is still able to collect this information. If you are logged into your social media account at the time of your visit to our website, the platform can automatically log this visit on your account. If you wish to prevent this from happening, you should log out of your social media user account before calling up any of our websites.
Please note that the personal data collected via fan pages and social media plug-ins is transmitted solely between your internet browser and the social media platform operators. Diehl+Ritter gUG has no knowledge of the contents of this data, nor the ability to collect or store it. We therefore advise you to consult the social media platforms’ latest privacy policies for further details.
2.3 Newsletter Subscription
On our websites we offer you the option of subscribing to our newsletter, which gives regular updates on our projects and events.
We use a double opt-in process to confirm your newsletter subscription. This means that we will only send you our regular newsletters after you have clicked on a link in our notification email, to ensure that you really are the owner of this email address. Once you have confirmed your email address, we store it together with the time of registration and the IP address used to register until you unsubscribe from the newsletter. This information is stored solely for the purpose of sending you our newsletter and as proof of your registration. You are free to unsubscribe from the newsletter at any time, and an unsubscribe link is included in every newsletter that we send to you. Alternatively, you may of course contact us via email or letter at the above address to tell us that you wish to unsubscribe. (See GDPR Article 6.1.a Lawful processing).
2.4 Embedded Videos
2.4.1 Embedded YouTube Videos
Our websites occasionally feature embedded videos that are stored by YouTube. In order to display these videos, it uses plug-ins by Youtube, LLC, 901 Cherry Ave., San Bruno, CA 94066 USA (“YouTube”), a subsidiary of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 9443, USA (“Google”). In the event that personal data is transferred to the USA, Google and its subsidiary YouTube are subject to the EU-US Privacy Shield. The legal basis for embedding videos and images on our websites is GDPR Article 6.1.f (“Processing is necessary for the purpose of the legitimate interests pursued by the controller [...]”).
Each time you call up one of our webpage with such an integrated plug-in, your Internet browser on is automatically prompted to download a display of the corresponding YouTube component. During the course of this technical procedure, YouTube and Google gain knowledge about the specific sub-page on our website that you visited. If you are logged in to your Youtube account at the time, Youtube will assign this information to your respective Youtube and Google accounts. When you use the plug-ins, for example by clicking the start button of a video or by posting a comment, this information is also stored in your personal Youtube and Google accounts. You can prevent this happening by logging out of your user account before using the plug-in.
By managing the settings of your browser you can restrict or fully deactivate the transmission of cookies. You can also prevent the transmission of cookie-generated data from our websites to Google by deactivating the “Ads personalisation” feature in your Google account or browser privacy settings. You will still be shown ads, but these will not be personalised.
Information about the collection and processing of personal data by the platforms and plug-ins is available on Google’s privacy settings for YouTube.
2.4.2 Vimeo Plug-ins and Vimeo Channels
Our websites use plug-ins by the video portal Vimeo, LLC, 555 West 18th Street, New York, New York 10011, USA (“Vimeo”). Each time you call up one of our webpages that displays one or more Vimeo video clips, your internet browser will establish a connection with the Vimeo servers in the USA. During this procedure, Vimeo will collect and store data regarding your visit to the website, including your IP address. When you interact with the plug-ins, for example by clicking on the start button of a video, this information is also transmitted to Vimeo and stored on its servers.
If you have a Vimeo account and want to prevent Vimeo from collecting data via our websites and assigning this information to your account, you should log out of your user account before accessing our websites.
Information about the collection and processing of personal data by the platforms and plug-ins is available on Vimeo’s privacy settings.
Videos from Vimeo embedded on our websites use iframes that include Google Analytics trackers. We do not have access to these trackers, as they report directly to Vimeo. Google offers tools for different browsers that allow you to opt out of Google Analytics tracking. You can also prevent Google Analytics from transmitting data relating to your visit to our websites (such as your IP address) to Google, and Google from processing this data, by downloading and installing the following browser plug-in: https://tools.google.com/dlpage/gaoptout.
Data transmitted by cookies may include:
- your device’s IP address,
- the date and time of your visit to our website
- cookie ID
- device ID or session ID
- technical information on the internet browser or operating system used to access the website.
All data collected in this way is anonymous and cannot be used to identify you.
You can prevent tracking by cookies for analytics and advertising purposes by installing an “opt-out cookie”, or by registering your privacy preferences on websites such as Truste oder Your Online Choices. Both sites offer options for deactivating cookies from a range of providers. Please note that in order to remain effective, opt-out cookies need to be installed again after deleting all cookies in a browser, or when using a new browser or profile setting.
3. With Whom We Share Your Data
We only share data with third parties in very specific cases:
- With your consent: We may share your data with third parties where we have obtained your express consent to do so. You may revoke these consents (GDPR Article 6.1.a).
- Legal claims: We may share your data with third parties in order to exercise or defend legal claims if there is no reason to assume that they should be overridden by your legitimate interests or fundamental rights and freedoms as a data subject (GDPR Article 6.1.f).
- Analytics: We may share your data with persons who provide analytics showing how customers are using our services.
- Certain legal situations: We may share your data where we believe disclosure is necessary to comply with a legal obligation (GDPR Article 6.1.c), or may also result from contractual provisions (e.g. where information on the contractual partners is required). Sometimes it may be necessary for the conclusion of a contract that a data subject provides us with their personal data, which must subsequently be processed by us. For example, data subjects are obliged to provide us with personal data when our company signs a contract with them (GDPR Article 6.1.b).
- Aggregated or anonymized information: We may publicly disclose non-personal aggregated or anonymized information such as our number of visitors and registered users.
In addition, data may be shared to comply with regulatory inquiries, court orders or legal proceedings, insofar as this is required by law.
4. Data Retention
We only store personal data for as long as it is necessary to fulfil our contractual and legal obligations. Thereafter, we will delete the data immediately. An exception to this is data that serves as evidence for civil claims or for statutory requirements of retention. This data is retained until the statutory limitation period for such claims expires.
We are required to retain contractual data for three years from the end of our contractual relationship with a data subject. This is the earliest period at which any claim can fall under the statute of limitations.
In certain cases, we are required to retain contractual data beyond this period for tax and accounting reasons. We are obliged to do so because of legal documentation obligations which arise from the German Commercial Code, the Tax Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The time frames for such data retention requirements vary, ranging from two to ten years.
5. Your Rights
Right of access: You have the right to ask us for copies of your personal information. This right always applies. We will provide you with an overview of the information we hold about you, unless legal exceptions apply.
Right to rectification: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to erasure: You may ask us to delete some or all of your personal information and in certain cases, and subject to certain exceptions; we will do so as far as we are required to. In many cases, we will anonymise that information, rather than delete it. You also have a right to ask us to restrict the processing of some or all of your personal information, for example if there is a disagreement about its accuracy.
Right to data portability: This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
You also have the right to object to the processing of your data where we are using your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes. (GDPR Article 6.1.e-f).
Finally, you have the right to make a complaint to a relevant supervisory authority for data protection. This may be a supervisory authority in the Member State of your place of residence, your place of work or the place of the alleged breach. In Berlin, this authority is the Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin.
6. Rights to object
You have the right to withdraw your consent at any time. We will then cease to process your personal data for this purpose. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (GDPR Article 7.3).
You have the right to object to our processing of your personal data on grounds relating to your particular situation (GDPR Article 21), but only to the extent that the legal basis for the processing is that the processing is necessary for the purposes of the legitimate interests pursued by us (GDPR Article 6.1). If you make such an objection, we will cease to process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes at any time and without needing to state your reasons. If you make such an objection, we will cease to process your personal data for this purpose
Making an objection is simple. Please contact us at the address provided above.
Version: 1.0 / Last updated: December 2018