According to the General Data Protection Regulation of the EU, “personal data” refers to any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a login or name, an identification number, location data, an online identifier or to one or more specific personal factors. Your personal data includes, i.e., your name, mailing address or your email address as well as any technical data produced or processed when using the Website which can be associated with you, i.e., your IP address, operating system or the browser on your end device or your user behaviour and personal data collected by a cookie.
1- Identity of the Data Protection Controller
In accordance with data protection regulations, the responsible body for the collection and processing of your personal data when visiting and using our Website is
2- Contact data of the Data Protection Officer
You may exercise your rights as a data subject with our Data Protection Officer. You can find more detailed information regarding this in Section 8.
3- Automatic data processing when visiting our Website – purpose and legal basis
It is possible to visit and use our Website for information purposes only without having to specify personal data (either by registering or filling out online forms) or without us collecting your personal data. In order for you to be able to view and easily, effectively and securely use our Website, we automatically collect and process (pseudonymised) technical data in conjunction with your end device and your browser.
a. Automatic data collection and processing by the web server
In order to be able to display the individual pages on our Website, our web servers automatically collect and process the following personal data, which are transmitted from your browser
The viewed address on the web server (URL)
The “user-agent” ID that contains additional information depending on the browserOperating system used
Browser type and version
Referrer URL (last visited page, if this page provides this information)
Date and time of server request
These data are stored temporarily in so-called server log files. These data are not evaluated based on your person, and they are not associated with other data sources.
The legal basis for the processing of these data is Article 6 (1) sentence 1. lit. f) GDPR. The data processing operations are required for steps prior to entering into a contract carried out based on your request, since such pre-contractual measures form a part of such visits to the Website.
The (pseudonymous) technical communication data collected and processed to enable the use of the Website (connection setup) are temporarily stored in so-called server log files on our web servers. We use the server log files for internal system-related purposes, in particular for technical administration and to ensure the stability and security of our web server and Website, for example, to identify and track any invalid or abusive attempts to access our web server via the saved IP address. The legal basis for the data processing of these server log files is Article 6 (1) sentence 1, lit. f) GDPR, which allows the processing of personal data within the framework of our legitimate interests, provided you do not have any overriding fundamental rights, freedoms or interests. Our legitimate interests lie in the simple administration and the safe operation of our Website.
In order to ensure our Website is user friendly and attractive to users and to allow the use of certain features, we sometimes use so-called “cookies” on our Website. These are small text files that are assigned to the browser you are using and stored on your device and through which the body that places the cookie (in this case: we) can obtain certain data. Cookies cannot run any programmes, transmit any viruses onto your end device nor do any other damage to your end device.
Some of the cookies we use are deleted after the end of the browser session, i.e., after you close your browser (so-called session cookies). Session cookies can attribute various requests from your browser in the same session. As a result, we can recognise your browser when you use multiple web pages on our Website or return to our Website without closing your browser. We use session cookies to provide certain features used by you. A different kind of cookie (so-called persistent cookies) remain on your device for a specified time and allow us to recognise your browser the next time you visit our site. Persistent cookies have an expiration date and thus are automatically deleted after a certain period of time. In addition, you can always manually delete them in your browser’s security settings.
The legal basis for the data processing with help of cookies is Article 6 (1) sentence 1, lit. f) GDPR, which allows the processing of personal data within the framework of our legitimate interests, provided you do not have any overriding fundamental rights, freedoms or interests. Our legitimate interests lie in ensuring the technically correct and optimised display of our Website and certain features and the offers on our Website as requested by you.
Details on cookies, as well as an overview of the cookies used can be viewed on the page “Cookie guidelines”.
c. Use of web analytics tools
(1) Google Analytics
This Website uses Google Analytics, a web analysis service of Google Inc., Mountain View, CA, USA. (“Google”). Google Analytics uses various methods to analyse the use of a website, such as “cookies” (see Section 3b. above). The information collected by Google Analytics about the use of the Website will usually be transmitted to and stored by Google on servers in the United States. By activating the IP anonymisation, before transferring the data to the servers in the United States Google will truncate the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases is the full IP address sent to and truncated by Google servers in the United States. On our behalf, Google will use this information for the purpose of evaluating your use of the Website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to us.
Google will not associate your IP address recorded by Google Analytics with any other data.
You can prevent the collection of data by Google Analytics by not saving a cookie with the name “_ga” or “_gid” in the settings of your browser software.
Furthermore, you can prevent Google’s collection and use of data related to the use of the Website (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB.
As an alternative to the browser-plugin, you can prevent data collection by Google Analytics by clicking on this link. This saves an “opt-out cookie” (name “_ga_opt_out”) on your device, which prevents the collection of your data whenever you visit this Website in the future. If you delete your cookies, you must click on the link again.
The legal basis for the use of Google Analytics is Article 6 (1) sentence 1, lit. f) GDPR, which allows the processing of personal data within the framework of our legitimate interests, provided you do not have any overriding fundamental rights, freedoms or interests. Our legitimate interests are based on the regular measurement, analysis, evaluation and improvement of our Website and offers. In this respect, Google acts as our processor pursuant to Article 28 GDPR. In exceptional cases in which personal data are transmitted to the United States, Google is subject to the EU-US Privacy Shield, which you can read here: https://policies.google.com/privacy/frameworks?hl=en-GB.
(2) Google Ads Conversion Tracking
Within the scope of promoting the Website with the Google Ads service, we use the statistical analysis based on Google Ads advertising on the Website, on their account, to control advertising success and optimise our Google Ads campaigns as well as the Google Ads Conversion Tracking, a web analysis service of Google Inc., Mountain View, CA, USA (“Google”).
Google Ads Conversion Tracking also saves cookies on your end device to allow for your use of the Website to be analysed under a pseudonym. If you click on one of our ads as a result of a Google search, Google saves this action in a cookie on your computer with a name starting with “_gac”. This so-called conversion cookie expires after 30 days and is not used to identify you personally. If you visit our Website during this period based on one of our ads, regardless whether you access it immediately or not, this counts as a so-called “conversion” of our ad. In such cases, we are able to recognise based on a pseudonym which search query was used in the Google search engine before clicking on the ad and which ad led to our Website. In addition, we can recognise in pseudonymous form with the conversion cookie if the click on the ad ultimately led to actions on our Website.
The information generated in pseudonymous form by the conversion cookie about your use of Google Ads and this Website will usually be transmitted to and stored by Google on servers in the United States and statistically evaluated by Google on our behalf. The transfer of data to Google in the United States takes place independent of whether you have an account with Google in which you are logged in or not. We use the results generated by Google to settle the Google Ads campaigns, to create conversion statistics and to assess and optimise the quality, relevance, attractiveness and the success of our Google Ads campaigns and our offers on the Website. We are able to statistically analyse in pseudonymous form how many users click on what kind of ads after using certain search queries, and how many users carry out certain actions on our Website after clicking on a specific ad. This is in our legitimate interest. The legal basis for the use of Google Ads Conversion Tracking is Article 6 (1) sentence 1, lit. f) GDPR, which allows the processing of personal data within the framework of our legitimate interests, provided you do not have any overriding fundamental rights, freedoms or interests. In this respect, Google acts as our processor pursuant to Article 28 GDPR. Insofar as personal data are transmitted to the United States, Google is subject to the EU-US Privacy Shield, which you can read here: https://policies.google.com/privacy/frameworks?hl=en-GB.
We do not receive any data through Google Ads Conversion Tracking or the corresponding evaluation with which we can identify the user personally. Since each advertiser receives a different conversion cookie, they also cannot be tracked via the websites of more than one advertiser.
We have no influence on and are also not responsible for any further processing of the data submitted to Google. We are not aware of this data processing nor their purposes or retention periods either in general or in detail. Therefore, we can only inform you based on our current level of knowledge: By integrating Google Ads Conversion Tracking, Google receives the information that you have accessed the corresponding section of our Website or clicked on one of our ads. If you are registered and logged in to a service by Google, Google may associate this information with your Google account and your profile stored there. Even if you are not registered or logged in, it is possible that Google may become aware of your IP address and store the information in pseudonymous form in a usage profile. Google uses these user or usage profiles for purposes of customising its offers, advertising and/or for market research.
If you do not want your data to be collected by Google Ads Conversion Tracking while you are logged in with a Google account, you can disable it in the ads preferences manager (https://adssettings.google.com/authenticated?hl=en-GB).
As listed in section 3, you can prevent or control the storage of the conversion cookies by adjusting the settings in your browser. You can even prevent the storage of conversion cookies of Google Ads Conversion Tracking by adjusting the settings in your browser to block cookies from the domain “www.googleadservices.com” or those whose names starts with “_gac”. In addition, you can delete conversion cookies already stored on your end device.
In addition, you can prevent the execution of Google Ads Conversion Tracking on your end device by installing a tracking blocker (e.g., from www.ghostery.com). You also have a right to object to the formation of (pseudonymous) user profiles on Google, whereby you must contact Google directly to assert this right.
(4) Google reCAPTCHA
For various services and forms on our Website, we use Google’s reCAPTCHA service, offered by Google Inc., Mountain View, CA, USA (“Google”). Google reCAPTCHA is used to verify whether data entries in online forms are carried out by a human or an automated program, script or the like. For this purpose, Google reCAPTCHA analyses input behaviour of the person entering the data entry based on the various features. This analysis starts automatically as soon as the corresponding website is accessed. In its analysis, Google reCAPTCHA evaluates various pieces of information (e.g., IP address, identification data of the browser used, browser settings, browser plugins, URL of the referring website, time spent on that website, mouse movements, input behaviour of the person entering the data such as input speed, order of entry and selection of inputs etc., Google cookies). The data collected during this analysis are forwarded to a server of Google in the United States, where they are stored and evaluated. The personal data from the online forms is not evaluated or stored.
The legal basis for the use of Google reCAPTCHA is Article 6 (1) lit. f) GDPR, which allows the processing of personal data within the framework of our legitimate interests, provided you do not have any overriding fundamental rights, freedoms or interests. Our legitimate interests lie in protecting our Website and online forms from automated abuse, spying and spam.
d. Social media
We integrate the social networks of the providers Facebook, YouTube, Twitter, LinkedIn, XING, Google+ and Instagram (“social media”) on our Website. In addition, we maintain publicly accessible profiles on social networks.
Facebook is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA. We had to agree to the Page Controller Addendum of Facebook. In this Controller Addendum we define which data processing operations we or Facebook are responsible for when you visit our Facebook fan page. You can view this Page Insights Controller Addendum under the following link: https://www.facebook.com/legal/terms/page_controller_addendum. For more information on data collection, go to: http://www.facebook.com/help/186325668085084 and https://www.facebook.com/help/325807937506242. Facebook hat sich dem EU-US-Privacy-Shield unterworfen, https://www.privacyshield.gov/EU-US-Framework.
YouTube is operated by Youtube LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. For more information on data collection, go to: https://www.google.com/policies/privacy/partners/?hl=de. is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter is operated by Twitter, Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. For more information on data collection, go to: https://twitter.com/privacy. Twitter is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For more information on data collection, go to: http://www.linkedin.com/legal/privacy-policy. LinkedIn is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
XING is operated by XING AG, Dammtorstraße 30, 20354 Hamburg, Germany. For more information on data collection, go to: http://www.xing.com/privacy.
Google+ is operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. For more information on data collection, go to: https://www.google.com/policies/privacy/partners/?hl=de. Google Inc. is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram is operated by Instagram LLC, 1601 Willow Rd, Menlo Park, CA 94025, USA. Instagram uses standard contractual clauses approved by the European Commission; for data transfers from the EEA to the United States and other countries, it relies, where necessary, on the adequacy decisions adopted by the European Commission regarding certain countries. For more information on data collection, go to: https://help.instagram.com/519522125107875?helpref=page_content.
(1) General information on data collection and processing by social media
Note: This section describes the general mechanisms of data collection and processing by social media services when integrated into a website. In the following paragraphs (2) and (3), we describe in concrete terms how we have integrated this into our site to ensure there is minimal adverse effect to your privacy when using social media.
The respective provider may store data concerning you as usage profiles and use them for purposes of advertising, market research and/or customising its site. Such an evaluation is done (even for users who are not logged in) to display demand-oriented advertising and to inform other users in the social network about your activities on our site. You are entitled to the right to object to the formation of these user profiles, whereby you must contact the respective provider to asset this right. By integrating social media features into our Website, we offer you the ability to interact with other users via social media networks with the goal of improving our online offer and making them more interesting for you as a user. The legal basis for the integration of social media is Article 6 (1) sentence 1, lit. f) GDPR.
Data may be potentially transferred regardless of whether you have an account with the social media provider and are logged in to that site. If you are logged in to the social media provider, your data collected on a website are attributed directly to your account with the social media provider. If, for example, you click on the “share” button to share the retrieved webpage on a social network, the respective social media provider saves these data in your user account and shares them with your contacts publicly or in a limited manner (depending on your settings with the provider). If you do not want this, we recommend you regularly log out of the social media network after using it, as you will be able to avoid your use being attributed to your profile with the social media provider.
On our Website, social media features are used specifically as described below:
(2) Social media buttons on the Website
So-called “social media buttons” from the providers Facebook, Twitter, Google+, XING and LinkedIn are embedded in our Website.
To increase the protection of your data when visiting our Website, the buttons are embedded in our site using a mechanism called “Shariff” from the publishing house “heise online”. This embedding ensures that no connection to Facebook, Twitter, Google+, XING and LinkedIn’s servers is established when accessing a page on our Website that contains these buttons. Only after you have actively clicked the button of the respective provider (Facebook: “share”; Twitter: “tweet”; Google+: “share”; XING: “share”; LinkedIn: “share”) and thereby given your consent to the transmission of data will your browser connect directly to the respective provider’s servers. By clicking on a button, the respective provider receives the information that your browser has accessed the corresponding page on our Website even if you do not have a profile with or are not logged in to the respective provider. This information (including your IP address) is transmitted by your browser directly to the respective provider’s server and stored there. For the social media buttons for Facebook, Twitter, Google+ and LinkedIn, the data are transmitted to the United States.
If you are logged in to one of the social media networks, the provider can directly associate your visit to our Website with your profile on Facebook, Twitter, Google +, XING or LinkedIn. If you interact with the buttons, for example, by pressing the “tweet” button for Twitter, this information is transferred directly to a server of the provider and stored there. The information will also be published on the social network or on your Twitter account and shown to your contacts there. If you do not want Facebook, Twitter, Google+, XING and LinkedIn to directly associate the data collected via our Website with your profile on the respective provider, you should not click on one of the aforementioned buttons on our Website.
4- Collection and processing of your data provided by you – purpose and legal basis
The use of certain features of our site, such as the contact forms or the email newsletters, requires the collection and processing of personal data. We process such data on our Website only if you provide us with these data yourself and it is legally permissible.
If your consent is also required for the collection and processing of certain data, we will ask you for your consent at the appropriate passage on our Website. This declaration of consent is logged by us. You are entitled to revoke any declarations of consent at any time, in part or in full, with effect for the future. Such a revocation is also logged by us.
a. Contact and request forms
On our Website, we provide a number of forms in which you can ask us questions on a range of topics.
In order to process and respond to your request, we require at least the categories of data that are marked with an asterisk in the respective form. The legal basis for the processing of these data is Article 6 (1) sentence 1. lit. f) GDPR. The data processing is required for steps prior to entering into a contract carried out based on a request, since such measures form a part of such contact requests.
You can help us respond to your request and contact you by voluntarily providing additional contact information. The legal basis for this is Article 6 (1) sentence 1, lit. f) GDPR, which allows the processing of personal data within the framework of the “legitimate interests” of the controller, provided you do not have any overriding fundamental rights, freedoms or interests. Our legitimate interests lie in being able to process your contact request more easily, more efficiently and more quickly and to directly contact you. If you do not want this, please do not fill out the fields marked with an asterisk.
For most contact and request forms, we use the service Google reCAPTCHA (see Section 3c.) to protect against abuse.
b. Email newsletters
In addition, you can register to receive our email newsletter by using the form provided for this purpose on our Website. With your consent, Diffutherm B.V. processes the personal data specified in the form to notify you in an email newsletter about products, events and seminars of Diffutherm B.V..
Providing your email address and your country are essential for the selection and dispatch of the appropriate newsletter. The legal basis for the processing of these data is Article 6 (1) sentence 1. lit. a) GDPR. We process these data with your consent. You may revoke your consent and can unsubscribe from the email newsletter at any time. You can do this by writing to the contact details listed in the legal notice or an email to email@example.com using the link listed in each newsletter.
You can also voluntarily provide us with additional personal data concerning you to enable us to contact you personally in other ways. The legal basis for the processing of the data voluntarily provided to us is Article 6 (1) sentence 1. lit. f) GDPR. According to this provision, processing is permitted when our legitimate interests have to be protected. Our legitimate interest lies in improving the quality of our support and to be able to contact you more easily with any possible questions.
For the registration for our newsletter, we use the so-called double-opt-in method. This means we send you an email after your registration to the specified email address in which we ask you to confirm that you want to receive the newsletter. If you do not confirm your registration within 48 hours, your data will be automatically deleted. In addition, we store your used IP addresses as well as the times of registration and confirmation. The purpose of this procedure is to be able to prove your registration and if necessary investigate any potential misuse of your personal data.
We must point out that we evaluate your user behaviour when dispatching the newsletter. For this evaluation, the emails sent include so-called web beacons or tracking pixels that represent a pixel image file that are stored on our Website. For these evaluations, the data referred to in Section 3a. and the web beacons are linked to your email address and an individual ID. In this way, we can determine whether a newsletter message has been opened. Furthermore, we can determine with the help of marmato, whether and which links in the newsletter message have been clicked. All links in the email are so-called tracking links with which your clicks can be counted. The data are collected exclusively in pseudonymous form, which means the IDs are not linked to your other personal data. It is not possible to directly relate these data to your person.
The legal basis for the use of tracking measures is Article 6 (1) sentence 1, lit. f) GDPR, which allows the processing of personal data within the framework of our legitimate interests, provided you do not have any overriding fundamental rights, freedoms or interests. Our legitimate interest lies in the ability be able to analyse the use of the email newsletter and regularly improve the newsletter.
You may object to tracking at any time by clicking on the separate link provided in each email or by writing to contact details provided or an email to firstname.lastname@example.org.
5- Recipients of personal data
The personal data collected by us within the scope of the visit and purely informative use of our Website (see Section 3) as well as the personal data collected in connection with the use of certain features and services of our Website (see Section 4) are in principle not disclosed or sent in any other way to other recipients. Excepted from this practice are any necessary transfers of personal data to government institutions and authorities as well as private rights holders on the basis of statutory provisions or judicial or administrative decisions as well as the required disclosure to government institutions and authorities in the event of attacks on our legal interests for purposes of law or criminal enforcement.
6- Data security
The personal data collected and stored by us will be handled confidentially and protected by appropriate technical and organisational measures against loss and modification as well as unauthorised access by third parties.
7- Duration of storage
In general, we store personal data only for as long as it is necessary for the fulfilment of the intended purpose of the data processing or until you request us to erase your personal data due to overriding legitimate grounds (see Article 17 (1) GDPR). After the retention periods expire or based on your legitimate request for erasure, we assess each case on whether certain personal data are required for (other) legitimate purposes and, if not, whether any contractual or statutory retention periods stand in conflict with the erasure of the personal data. In these cases, the relevant personal data are stored for these purposes as long as is required for the fulfilment of this (other) legitimate purpose or for the duration of the respective contractual or statutory retention period. For any other purposes, however, they are blocked and then permanently deleted after the last contractual or statutory retention period expires.
The technical communication data (see Section 3a.) stored in the server log files are deleted after 90 days.
The session cookies used by us are deleted when you close your browser. The persistent cookies we use remain on your device until their specified lifetime expires or until you remove these manually (see Section 3b. and our Cookie guideline). The cookie that is used to save form data in your browser (see Section 3d.) will be automatically deleted after 60 days at the latest.
The personal data collected by Google Analytics, Google Ads Conversion Tracking are deleted immediately by anonymising IP addresses (see Section 3c.). We have reduced the retention period of the anonymised data collected by Google Analytics to a maximum of 26 months by agreement with Google.
The data collected using contact forms (see to Sections 4.a and 4.e) are stored by us only for as long as is required for the processing of your request and to contact you.
The data collected for the newsletter (see also Section 4.b) are stored for as long as this is necessary for the delivery of the newsletter. If you unsubscribe from the newsletter, your data will be deleted. The data obtained through the newsletter tracking are stored only for as long as you are subscribed to the newsletter. After unsubscribing, we will store the data anonymously only for statistical purposes.
The data associated with your user account (see Section 4.c) are stored for as long as your user account is active. You can delete your account at any time by sending us an email to email@example.com or sending a letter to the address specified in the legal notice.
The data collected on the order/offer form (see Section 4.d) are stored for as long as this is necessary for processing your request, in particular, for sending offers and samples.
The data collected within the scope of your request sent to Live Support (see Section 4.e) are stored for as long as this is necessary for processing your request and any further inquiries.
Furthermore, the storage of data may be required for accounting or other legal reasons for the duration of each specific statutory retention periods.
8- Video recordings on our premises
To protect our employees, company premises, buildings and security areas, we use cameras for video surveillance.
a. Identity of the person responsible for video surveillance
The Data Controller for the data protection processing of the video recording can be found here (according to your point of contact). If you have any doubts, please contact: firstname.lastname@example.org, we will be happy to assist you.
b. Purpose and legal basis of data processing:
Legitimate interest: Protection of property against vandalism, breaking and entering, theft, avoidance of crime, protection of health and life, preservation of evidence (cf. Art. 6 para. 1 f) GDPR)
c. Duration of storage
We process and store your personal data as long as it is necessary for the above-mentioned purposes and / or for statutory retention obligations and until all mutual claims are fulfilled. If the purpose of the data collection has been fulfilled, the data will be deleted on a regular basis, unless their temporary processing is required. This means that, if there are no retention obligations, we keep the records for at least 48 hours and delete them no later than four weeks, unless they are needed for emergency responses, law enforecement, prosecuting offences and execution of sentence.
9- Your rights
Insofar as the legal conditions laid out in Articles 15 et seqq. GDPR are in effect, you have the following rights (so-called data subject rights) with respect to your personal data stored by us:
You have the right to obtain confirmation from us at any time as to whether personal data and which categories of personal data are stored by us, for what purposes they are being processed and the recipients or categories of recipients who may gain access to them. In addition, you may request information from us on your personal data as laid out in Article 15 GDPR (right of access).
In accordance with the statutory requirements, you also have a right to rectification (Article 16 GDPR), a right to erasure (Article 17 GDPR) and a right on restriction of processing (blocking) (Article 18 GDPR) of your personal data.
Furthermore, in accordance with Article 20 GDPR you have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You may transmit these personal data or have them transmitted to another controller (right to data portability).
You are also entitled to revoke your consent at any time.
In addition, if all legal requirements have been fulfilled pursuant to Article 21 GDPR, you have the right to object to data processing that is based on the legitimate interests of the controller or a third party pursuant to Article 6 (1) sentence 1. lit. f) GDPR (see Sections 3a., 3b., 3c., 3d., 4a. and 4b.).
To exercise your rights as a data subject, you can contact us at email@example.com at any time or send a letter to the address listed in Item 1.
Furthermore, according to Article 77 (1) GDPR you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State where you reside or work or where the alleged violation takes place if you believe that the processing of your personal data is in violation of GDPR.